I'm glossing over quite a bit here, of course, but it's a decent semi-technical summary that would be suitable for communicating to others who are not familiar with Active Directory itself, but generally familiar with computers and the issues associated with authentication and authorization.
Active Directory is, at its heart, a database management system. This database can be replicated amongst an arbitrary number of server computers (called Domain Controllers) in a multi-master manner (meaning that changes can be made to each independent copy, and eventually they'll be replicated to all the other copies).
The Active Directory database in an enterprise can be broken up into units of replication called "Domains". The system of replication between server computers can be configured in a very flexible manner to permit replication even in the face of failures of connectivity between domain controller computers, and to replicate efficiently between locations that might be connected with low-bandwidth WAN connectivity.
Windows uses the Active Directory as a repository for configuration information. Chief amongst these uses is the storage of user logon credentials (usernames / password hashes) such that computers can be configured to refer to this database to provide a centralized single sign-on capability for large numbers of machines (called "members" of the "Domain").
Permissions to access resources hosted by servers that are members of an Active Directory domain can be controlled through explicit naming of user accounts from the Active Directory domain in permissions called Access Control Lists (ACLs), or by creating logical groupings of user accounts into Security Groups. The information about the names and membership of these security groups is stored in the Active Directory.
The ability to modify records stored in the Active Directory database is controlled through security permissions that, themselves, refer to the Active Directory database. In this way, enterprises can provide "Delegation of Control" functionality to allow certain authorized users (or members of security groups) to perform administrative functions on the Active Directory of a limited and defined scope. This would allow, for example, a helpdesk employee to change the password of another user, but not to place his own account into security groups that might grant him permission to access sensitive resources.
Versions of the Windows operating system also can perform installations of software, make modifications to the user's environment (desktop, Start menu, behaviour of application programs, etc) by using the Group Policy. The back-end storage of the data that drives this Group Policy system is stored in Active Directory, and thus is given replication and security functionality.
Finally, other software applications, both from Microsoft and from third-parties, store additional configuration information in the Active Directory database. Microsoft Exchange Server, for example, makes heavy use of the Active Directory. Applications use Active Directory to gain the benefits of replication, security, and delegation of control described above.
Whew! Not too bad, I don't think, for a stream of consciousness!
Super short answer: AD is a database to store user logon and group information, and configuration information that drives group policy and other application software.
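
The "Delegation of Control" idea described in the answer above, as an added example that is not part of the original post: a toy directory whose permission checks resolve group membership from the directory's own data. It is a simplified model rather than any real Active Directory API, and every name, DN and right label in it is constructed for illustration.

```python
# Toy model, constructed for illustration; not real Active Directory code.
ALICE = "CN=alice,OU=Staff,DC=example,DC=com"
HD1 = "CN=hd1,OU=IT,DC=example,DC=com"
HELPDESK = "CN=Helpdesk,OU=IT,DC=example,DC=com"
FINANCE = "CN=Finance,OU=Groups,DC=example,DC=com"

class Directory:
    def __init__(self, objects, aces):
        self.objects = objects  # dn -> {"type": ..., plus attributes}
        self.aces = aces        # (trustee, right, scope_dn, object_type)

    def principals(self, user):
        """The user plus every group containing it, directly or via nesting."""
        found, changed = {user}, True
        while changed:
            changed = False
            for dn, obj in self.objects.items():
                if dn not in found and found & set(obj.get("member", ())):
                    found.add(dn)
                    changed = True
        return found

    def allowed(self, actor, right, target):
        who = self.principals(actor)  # group data comes from the directory itself
        ttype = self.objects[target]["type"]
        return any(t in who and r == right and ot == ttype
                   and target.endswith("," + scope)
                   for t, r, scope, ot in self.aces)

    def reset_password(self, actor, target, new_hash):
        if not self.allowed(actor, "reset-password", target):
            raise PermissionError(f"{actor} may not reset {target}")
        self.objects[target]["pw_hash"] = new_hash

    def add_member(self, actor, group, member):
        if not self.allowed(actor, "write-member", group):
            raise PermissionError(f"{actor} may not modify {group}")
        self.objects[group]["member"].append(member)

def build_sample():
    objects = {
        ALICE: {"type": "user", "pw_hash": "h1"},
        HD1: {"type": "user", "pw_hash": "h2"},
        HELPDESK: {"type": "group", "member": [HD1]},
        FINANCE: {"type": "group", "member": []},
    }
    # Delegation: Helpdesk may reset passwords of users under OU=Staff only.
    aces = [(HELPDESK, "reset-password", "OU=Staff,DC=example,DC=com", "user")]
    return Directory(objects, aces)
```

With the sample data, the helpdesk account can reset alice's password, but its attempt to add itself to the Finance group raises `PermissionError`, because no entry grants it write access to that group's membership.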