I use ACS to manage vpn user profile.
The authentication flow is:
UserLogin->ASA->ACS->AD
On ACS you can creat ACL for special user or user-group, when the user authen to ACS, it will auto download the ACL to ASA. it is very flexible.
You can search "VPN ACS" to find an example.