I need to be honest. I think Active Directory is a bit of a liability when it comes to the overall Microsoft product offering. There are some great products like TFS, Exchange, SharePoint and they all integrate with Active Directory.
The problem is that Active Directory basically requires organisations to own all their own infrastructure if they want to achieve single sign-on across all of these products.
Internally at Readify we are seriously looking at the costs of our IT organisation and we would love to be able to host Exchange with one hoster, SharePoint with another (not talking about SharePoint as a TFS dependency here), and probably self-host our TFS server, but possibly up on something like Server Intellect, or GoGrid.
The problem is that all the subtle AD dependencies in this products makes it difficult to really commit to that course of action. If we decide to install products in workgroup mode (or give them their own AD as required by the hosters) what are we exposing ourselves to in the future if one of the product teams decides to take a hard dependency on AD.
Where are the investments that Microsoft is making around technologies like CardSpace and simple Username/Password authentication over SSL in all their products which will allow their customers to distribute their IT assets in the cloud.
Until Microsoft takes multi-tenancy and hosting scenarios seriously its not going to be a reality for a lot of organisations.