Active Directory is a directory service -- a way to store and look up information about people and things in your organization. It's also used for managing policies about groups -- what users have access to what resources, how specific classes of user accounts behave -- for replication between domains (so that one domain's directory will echo another), for globalized authentication (so a user can sign in anywhere in the domain and get the same desktop and resource access), and so on.
The information in AD is held on the domain controller for each particular domain, in a database that's kept hidden from normal access. Most of the information is entered into AD through applications that are written specifically to make use of it -- for instance, Exchange Server uses the AD user account list to create its list of mailboxes.
Microsoft has a very complete breakdown of everything that goes into AD
on their site:
This was first published in July 2002