If by "validate SSL client-certificates against Microsofts Active Directory" you mean have the ASA confirm that the certificate the client holds is valid, it does it by checking its CRL, in case it uses that method, can also use OCSP as you might know.
Now, as for the "act as a SSL proxy between server and client" thingy, i know that the newest member of the ASA-frewall family, the ASA CX [it's actually a module], has a TLS/SSL proxy feature.
Couldn't find a document stating that fact though, i guess you can always reach out for your Cisco rep and get that clarified.