Thank you Pedro,
Here is what I have set up so far.
I updated OS X to 10.7.4
I used Directory Utility to join OS X to AD.
I followed these directions to set up Profile Manager. http://krypted.com/iphone/setting-up-profile-manager-in-lion-server/
I installed the OS X Server Admin Tools
I launched Server Admin to grant access to Profile Manager for Domain Admins and Domain Users. (Adding domain admins first allows admins to log in to /profilemanager page to manage profile manager. Domain users can log in to /mydevices page)
Launched Server App and under Groups I edited the Workgroup group and added Domain Admins and Domain Users. (Again Domain Admins first followed by Domain Users. The order seems to matter as far as the server recognizing the admin rights of the domain admins group.)
Followed these directions to change the web authentication to plaintext to work with AD Logons http://support.apple.com/kb/HT4837
Then Launched the Profile Manager and check the box under the About tab for the Workgroup group for "Can Enable Remote Management"
These steps above get me to a functional profile manager that works with AD groups and AD logins for the /profilemanager and /mydevices page.
I can search for groups under the groups section, but under the users section I can only see local users or users that are imported from Active Directory.
To import users from Active Directory you Launch the Server App and under the users section click the +. There will be a pulldown to import user from another directory. If you start typing a name you should see names populate in the search window that yo ucan select and choose import.
What I seem to be missing is a piece that allows the user section of the /profilemanager webpage to do a query search of Active Directory. If this were set up then manually adding users through the Server app wouldn't be necessary. I have tried some extra steps for setting up the Magic Triangle, but have so far had no luck with those if they are even needed.
This command to stop kerberos for the open directory master fails at the step to remove the logon http://docs.info.apple.com/article.html?path=ServerAdmin/10.6/en/odfd7bf26f.html
If that were to succeed then using this command sudo dsconfigad -enableSSO would kerberize the AD in the computer.
Even if that were working I'm not sure that is what is required to get AD queries to work on the webpage.
I get the impression that what I want to do is possible with some hackery, but is outside apple's supported use design for profile manager.
Ian