Would you mind explaining what domain controls offer? I've never worked with a large windows desktop install base, so I have no idea what domain controls do exactly.
A "Domain Controller" is basically a server that has authority for a domain. A domain in Active Directory is really the same thing as a "normal" internet domain (in fact is uses DNS) in that it can have sub domains where authority can be delegated to other DCs etc.
Each domain can have a collection of resources such as other servers and printers/storage etc. So once you authenticate against the domain controller (usually by logging into a computer using a pattern like \\Domain\Username rather than just username) you get a secure signed "token" back from the DC.
This token can be sent to other computers on the network that are members of the domain (or sent to web apps via a cookie) and it will identify the user as a member of that domain and also provide information as to what levels of access should be allowed without having to authenticate separately with each system.
That's kind of hand wavey though and Active Directory provides too many features to be enumerated here.
The big win is Group Policy. You can centrally control every single option, including many applications, for every single Windows system on the domain. It's like puppet on steroids and HGH.
Each domain can have a collection of resources such as other servers and printers/storage etc. So once you authenticate against the domain controller (usually by logging into a computer using a pattern like \\Domain\Username rather than just username) you get a secure signed "token" back from the DC.
This token can be sent to other computers on the network that are members of the domain (or sent to web apps via a cookie) and it will identify the user as a member of that domain and also provide information as to what levels of access should be allowed without having to authenticate separately with each system.
That's kind of hand wavey though and Active Directory provides too many features to be enumerated here.
http://en.wikipedia.org/wiki/Active_Directory