Active Directory is required for authentication and authorization. The Kerberos infrastructure in Active Directory is used to guarantee the authenticity and confidentiality of communications with the Delivery Controllers. For information about Kerberos, see the Microsoft documentation.
You need any of these functional levels for the forest and domain:
To use Policy Modeling, the domain controller must be running on a server whose operating system is Windows Server 2003 to Windows Server 2008 R2; this does not affect the domain functional level.
Optionally, Virtual Delivery Agents (VDAs) can use information published in Active Directory to determine which Controllers they can register with (discovery). This method is supported primarily for backward compatibility, and is available only if the VDAs are in the same Active Directory forest as the Controllers. For information about this discovery method see Active Directory OU-based Controller discovery and CTX118976.