I think you may have misunderstood how question about AD authentication. I was trying to find out how the users log in to their computers (local account or AD).
So to answer your questions:
Regardless of client authentication type you need to download Spark (or another Jabber client of choice). If you use AD you can install the client via Group Policy (takes 2 steps), otherwise visit each computer to install.
Before you can configure the clients you must fully configure the server, and add clients to it unless you are using LDAP authentication (highly recommended).
The users can then login in to the server with their chat/LDAP username.
Server security is very granular. I have deployed our server as an employee only intranet server and therefore have disabled all self registration, guest, and server-to-server features. I have enabled gateways for select users (based on LDAP groups). I also groups pushed to the specific clients based on membership (this allows for easy broadcast messaging).
There are distict advantages to configuring the server to use LDAP authentication.
Centralized user/group management
Control over content of profiles of chat clients
Enforced password security
Potential for Single Sign On with chat client (Spark loads/signs in automatically with all my users at login)
If you want clarification on specific features/settings please let me know.