Active Directory and LDAP (Lightweight Directory Access Protocol) are "single sign-on" facilities, available from Microsoft and other vendors, that also provide user authentication. A user signs in once, and that sign-in is carried over to all applications the user works with, saving the time of signing in to each application individually. These facilities also give IT departments centralized user access control, making it easier to manage user accounts.
Authentication and Authorization Process Overview
Active Directory Role Management (Windows User Groups Role Management)
Microsoft Authorization Manager (AzMan) Role Management
Configuring Microsoft Authorization Manager (AzMan)