Check out N2 (http://n2cms.com/). I think that it covers most, if not all, of your requirements (I don't think it has Active Directory capability at this time). We are using N2 and I have really enjoyed how flexible it has been.
My advice is don't use generic multiple select controls. I've been running User Experience Research for my whole career, and every single time I test a site with multiple select controls, it always turns out to cause problems for end users.
I did a post on this a while back: Multiple Select Controls Must Evolve or Die
Sounds like you knew this anyway, though. Your real question is "what do I use instead?" Well, to answer this question you have to work out whether the user's task leans towards recall or recognition.
(i) By recall, I mean the user knows what they want to pick before they have even seen the list. In this case, it's probably easiest for them if you offer an autocomplete tool (as used very effectively on facebook, for example). This solution is even better when the list of options is also impossibly long to present on a page (e.g. location names, etc).
(ii) Moving on to recognition - by this I mean a task that involves the user not knowing what they want to pick until they've seen the list of options. In this case, autocomplete doesn't give them any hints. An array of checkboxes would be much more helpful. If you can show them all at once, this is helpful to the user. Scrolling DIVs are more compact but they create a memory load for the user - i.e. once they've scrolled down, they have to remember which items they picked. This is particularly evident when users save a form and come back to it later.
So - thinking about your problem, do you need a solution for recall or recognition?
Best Answer
They are rare, HCI is a specialist area in IT. I know next to nothing about it, but a friend of mine was a HCI engineer and she could recite reams of data about the topic, show websites, groups, academic papers, etc.
HCI is still an area that (undeservedly) gets little attention, probably because its seen as less important to the business of selling software - shrinkwrapped software is sold on marketing claims, not actual usability of it, so there is little incentive for the people who pay for the software development to pay for HCI too.
If you want to learn more (and its good you should encourage its use - I've used too many crappy interfaces, and though I try to develop better I often don't get the chance to really improve things for my users), try this website/book.