So about 3 months ago I "inherited" a Lotus Domino setup, and quite frankly, it's a mess. Historically, it's had 10 years of the primary focus being on development rather than on management and housekeeping (none of the latter was actually done, I had guys who'd left the place 11 years back still in admin groups), with a predictable end result.
Now, I know how to clean up a mess, but while I'm doing that I'm also keeping one eye on the future, and something that I'm interested in investigating is the possibility of Active Directory integration. It doesn't make sense to me - in 2009 - to have yet another bunch of systems that require yet another username and password, inviting people down the route of yellow-sticky-note-syndrome (not to mention doubling our user/password management overhead).
With clients being a mixture of browser-based and trad-client-based, I'm wondering how practical this is. Has anyone done it, and how well does it work? Do we get completely transparent authentication without even having to re-enter network credentials, do we still have to fool around with ID files (gack), can we add AD users to Domino groups, that kinda stuff.
The server is 8.0.2 (on 2003 Server), clients mostly 8.0.1 and IE6, database applications but not Notes Mail are used. What little info I've seen on IBM is incredibly vague on the whole topic.
11 years... Although I don't know about your SSO goals, I would definitely say that it's time for a fresh install on a new/virtual server, to move everything over, and then create the users you need (or, if you find out about SSO, set that up).
That current setup sounds like it's covered in security issues.
I personally don't have experience with the Domino / AD integration, but I've long thought about it and hope to try implementing it this year. The things I do know are that IBM has a service built to synchronize Domino and AD user/group info in both directions, and that there is a company called PistolStar that appears to specialize in this area.
I would definitely start with the IBM integration service first and see where that gets you. In fact, I'm going to check it out today too.
http://www.ibm.com/developerworks/lotus/library/domino-adsync/index.html
Since 2009, IBM Lotus Domino has come with a licence for the IBM Tivoli Directory Integrator.
So you could do something like this:
- Synchronizing users between Microsoft Active Directory Server and IBM Domino Server using Tivoli Directory Integrator
- IBM Lotus Domino Integration Using IBM Tivoli Directory Integrator