Microsoft’s Active Directory provides for centralized management for Windows Domain Services.
When a user logs in with their active directory credentials, the administrator can have the computer run a login script. As part of the login script, the computer can update security signatures and update application software for better security.
Active Directory allows for group policies to be created, which is exactly what is sounds like. You create groups and apply policies to them. These policies can set password complexity requirements, login restrictions such as what time you can log in, and other security permissions.
Organizational units are how active directory is structured. Organizational units can be based on how the company is segmented (by location, department, division, etc.)
It’s common to assign a network share under a user’s name, so that the user can use this as their home directory. Since it’s on the network, the information will be backed up in case the user’s location machine crashes.
Group policies can be assigned so that folders redirect elsewhere. This is useful in cases where you don’t want to allow users to store information in their local folders. Instead you can redirect the local folder to a folder on the network. For example, the Pictures folder on the computer can actually redirect to a folder on a server so that the data is backed up and can be accessed from anywhere.