.... on your threat model, I have found that most removable-device crypto
works fine with simple password protection independent of AD, eDir, LDAP
or whatever directory service du-jour your favoured vendor is pushing on
that day. The important bit there is to
a) enforce strong passwords on the devices and
b) to have some recovery mechanism if said passwords are forgotten.