Active Directory is a package designed by Microsoft to manage an organizational network; it uses several different tools to organize and manage the corporate network. Before we get into specifics, the basic idea is that Active Directory creates a managed environment to which all of the network clients (end users) are connected: anyone who connects to it is registered and monitored by the Active Directory system. That lets it manage the end users, what they are allowed to do and what they are not, and which resources are available to whom. It creates groups and gives those groups policies (sets of rules) that bind the group to those rules; every end user defined within the group is bound by its rules and accordingly can or cannot do certain things within the network.

Active Directory has been built into the Windows servers (Server 2003, 2008), and it is the server's source of organization. Anyone who connects to the server is actually connected to Active Directory, and through it can use the network resources as defined by the Active Directory rules.

So how does it work?
The tools Active Directory uses are LDAP (Lightweight Directory Access Protocol), which is basically a directory (library) service; the authentication protocol, which is based on Kerberos (an authentication protocol for client/server services that enables connection and communication using secret encrypted codes over the internet); DNS (the Domain Name System, which translates names such as website addresses into IP addresses); and finally group enforcement, which makes sure the group rules are applied properly.

Active Directory has a physical aspect, which consists of a database residing on the DCs (Domain Controllers). These DCs can serve various operations and purposes, or perform the same operation for redundancy, load performance and separation; each change in the domain is replicated by a replication mechanism to the other domains, so the whole organization is updated accordingly. The logical aspect is a set of hierarchical concepts, like a pyramid: the highest structure is a forest, which contains trees, which in turn resemble a collection of DCs. The forest actually covers any object on the network, anything connected to it, and the rules are applied through that hierarchy.

Each object on the network is an "entity", and each entity has its own definitions, which fall into three types: resources, services and users. Every object has its own unique GUID (ID), which identifies it against the directory (LDAP); that is how it gets identified.
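As an added example (not code from the original post), the short Python script below takes a constructed LDAP record for one user object, decodes the objectGUID mentioned above into its usual text form, and walks the distinguished name back up the hierarchy to the domain it belongs to. The sample DN and GUID bytes are invented for the example, and the script uses only the standard library so it runs without a domain controller.

```python
import base64
import uuid

# Constructed sample shaped like one LDAP search result for a user object on a
# domain controller; the DN and the GUID bytes are invented for this example.
SAMPLE_ENTRY = {
    "distinguishedName": "CN=Alice Example,OU=Staff,DC=corp,DC=example,DC=com",
    "objectGUID": "rk8d+Ox90BGnZQCgyR5r9g==",  # 16 raw bytes, base64 as in LDIF
}

def object_guid_to_string(raw: bytes) -> str:
    """Render the 16-byte objectGUID in its canonical text form.
    The first three fields are stored little-endian, so bytes_le is required;
    uuid.UUID(bytes=raw) would print a different, wrong identifier."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return str(uuid.UUID(bytes_le=raw))

def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a distinguished name into (attribute, value) pairs, leaf first.
    A backslash escapes the next character, so 'CN=Smith\\, John' keeps its comma."""
    pairs, buf, escaped = [], [], False
    for ch in dn + ",":  # the trailing comma flushes the last component
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            attr, _, value = "".join(buf).partition("=")
            pairs.append((attr.strip(), value.strip()))
            buf = []
        else:
            buf.append(ch)
    return pairs

def canonical_name(dn: str) -> str:
    """Rewrite a DN as AD's canonicalName: DNS domain first, then the container path."""
    pairs = parse_dn(dn)
    domain = ".".join(v for a, v in pairs if a.upper() == "DC")
    path = [v for a, v in reversed(pairs) if a.upper() != "DC"]
    return "/".join([domain, *path])

def describe(entry: dict) -> dict:
    """Where the object sits in the hierarchy and the GUID LDAP identifies it by."""
    raw = base64.b64decode(entry["objectGUID"])
    return {"guid": object_guid_to_string(raw),
            "canonical": canonical_name(entry["distinguishedName"])}
```

Calling `describe(SAMPLE_ENTRY)` returns the GUID as the familiar dashed string and the object's position as `corp.example.com/Staff/Alice Example`, i.e. the domain followed by the containers down to the user.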

That is the basic operation of Active Directory. Its use and function is to centrally manage all of the computerized resources in the organization. Policy is implemented with a management tool called GPO (Group Policy), which manages the policies given to the different groups in the organization's network.

This whole concept enables the network administrator to gain control over the whole network from one computer (the DC) and to define what type of desktop a user will have, which directories he can access, what tools he can use, etc.