IT administrators use Active Directory (AD) to organize your company’s complete hierarchy, from which computers belong on which network to what your profile picture looks like or which users have access to the storage room.
A group of objects, such as users or groups of devices, that share the same AD database makes up a domain.
Within a domain, organizational units (OUs) are used to organize objects.
Multiple domains grouped together in a logical hierarchy make up an AD tree. The bonds between domains in a tree are known as "trusts."
An AD forest is made up of multiple trees grouped together. Trees in an AD forest share trusts, just like domains in a tree share trusts. Trusts enable constituent parts of a tree or forest to share things like directory schemas and configuration specifications.
The AD service offers a central place for administrators to control almost all things related to user access and network permissions.
Users get to enjoy smooth access once the AD infrastructure is set up and all permission policies have been enforced. Even with cloud services, AD makes sure that users don’t face lag in accessing resources.
There are many alternative versions of AD available for different scenarios, like AD Federation Services, Azure AD Directory Application Proxy, etc.
Group Policy Objects (GPOs) are policy objects that help enforce global policies like password limits and system behavior. Microsoft offers a dedicated Group Policy Editor for setting up the policies and choosing the level at which they will be enforced.
A global infrastructure like AD can get pretty pricey to set up and maintain. Apart from that, once it is set up, changing its configuration is also expensive.
Because AD services handle the whole network and its capabilities, the network also goes down if AD shuts off for some reason.
AD has several security risks, like root domains exposing the whole structure to vulnerabilities, unwanted permission inheritance, vulnerabilities due to inactive accounts, etc.
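One way to check for the inactive-account risk mentioned above, as an added example that is not part of the original page: the script reads an export of user objects and reports enabled accounts that have not logged on recently. The CSV layout, the sample accounts and the 90-day threshold are assumptions; `userAccountControl` and `lastLogonTimestamp` are the standard AD attributes.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

ACCOUNTDISABLE = 0x0002                  # userAccountControl bit: account is disabled
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# By default lastLogonTimestamp is only refreshed when it is 9-14 days old,
# so the replicated value can lag the real last logon by up to 14 days.
REPLICATION_SLACK = timedelta(days=14)

# Constructed sample export (not real accounts); the column layout is an assumption.
SAMPLE_EXPORT = """sAMAccountName,userAccountControl,lastLogonTimestamp
alice,512,133485408000000000
bob,512,133170048000000000
carol,514,133170048000000000
svc-backup,66048,0
"""

def filetime_to_datetime(value):
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC); 0 means never set."""
    ticks = int(value or 0)
    return None if ticks == 0 else FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def find_inactive_accounts(export_text, now, max_idle_days=90):
    """Return (name, last_logon, reason) for enabled accounts idle past the threshold."""
    cutoff = now - timedelta(days=max_idle_days) - REPLICATION_SLACK
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if int(row["userAccountControl"]) & ACCOUNTDISABLE:
            continue  # already disabled, so it cannot be used to log on
        last = filetime_to_datetime(row["lastLogonTimestamp"])
        if last is None:
            findings.append((row["sAMAccountName"], None, "never logged on"))
        elif last < cutoff:
            findings.append((row["sAMAccountName"], last, f"idle {(now - last).days} days"))
    return findings

if __name__ == "__main__":
    now = datetime(2024, 2, 1, tzinfo=timezone.utc)  # fixed date keeps the output repeatable
    for name, last, reason in find_inactive_accounts(SAMPLE_EXPORT, now):
        shown = last.date().isoformat() if last else "-"
        print(f"{name:12} {shown:>12}  {reason}")
```

Accounts that were never used are reported separately from stale ones, since unused service or provisioning accounts usually need a different follow-up than a departed user's account.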