IIRC, if you use a Windows-based client OS to access AD, Exchange, Terminal Server, etc. the license you have for that client OS counts as a CAL for those services. I could be wrong on that, but
In a Windows environment, a well deployed AD solution makes life WORLDS easier in terms of granting security, maintaining/tracking user accounts, and managing/securing computers. When I say securing there, I'm referring to Group Policies being used to automate a Windows Server Update Service (WSUS) environment, as well as "lock down" computers and prevent users from using certain parts of the OS. In many cases, this isn't necessary, but Group Policies also allow you to "push" out configuration changes with little to no effort. We use it to set the proxy server and local server exceptions in Internet Explorer. Hand configuring that would be HUGE pain.
We also use it for application authentication. There's been a big push internally to move to AD authentication for all authentication. That makes life for users easy when they only need 1-2 passwords instead of one per application.