With this configuration:
Windows manages passwords (so Windows password policies will apply).
For many installations, this provides the best of both worlds: mainframe-compatible security for Enterprise Server, but there is only one set of user accounts, and they're managed with standard Windows tools.
This configuration uses two ESM modules. Both use Active Directory, but through different interfaces, and they perform different tasks.
As with most ESF security configurations, this type can be used for some or all Enterprise Server instances and/or for MFDS.