Bind your Mac systems to AD. That simple act will likely give you 90% of what you are looking for. You do this through System Preferences > Accounts > Login Options (or alternately through Directory Utility or dsconfigad).
Now this will give you authentication and authorization from the AD domain plus group memberships and single sign-on to Kerberos services (file services, Exchange, etc.). Binding to AD will not allow you to do group policy. If you are looking to do managed client, then you have a number of options.
They include AD Schema Mod (only do this if you absolutely must), 3rd party tools like Centrify (as they give you Windows tools to manage Macs), or OS X Server and the use of the "magic triangle."
The triangle is the binding of Mac workstations to both AD and OS X Server. All authentication and authorization comes from AD and then management comes from OD using native Apple tools. This way you don't annoy anyone in the AD team by asking them to modify the environment.
This is a wise choice to bind the systems. It makes Macs first class citizens (well, almost).
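As an added example (not part of the answer above), a POSIX shell check that parses the output of `dsconfigad -show` to confirm a Mac actually landed in the expected domain with packet signing/encryption and an AD admin group set. The domain `example.com`, the group `EXAMPLE\mac admins`, and the sample output itself are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit an AD bind via `dsconfigad -show`. SAMPLE_SHOW is
# constructed text approximating that output; names are placeholders.

# Print the value of one "Key = Value" line from dsconfigad -show on stdin.
ad_setting() {
    # $1 = setting label as printed by dsconfigad, e.g. "Packet signing"
    sed -n "s/^[[:space:]]*$1[[:space:]]*= *//p" | head -n 1
}

# Return 0 when $2 shows a bind to domain $1 with signing and encryption
# at least "allow" and an admin group configured; print each problem found.
check_ad_binding() {
    expected="$1"; out="$2"; rc=0
    domain=$(printf '%s\n' "$out" | ad_setting "Active Directory Domain")
    [ "$domain" = "$expected" ] || { echo "not bound to $expected (got: ${domain:-none})"; rc=1; }
    for opt in "Packet signing" "Packet encryption"; do
        v=$(printf '%s\n' "$out" | ad_setting "$opt")
        case "$v" in allow|require) ;; *) echo "$opt is '$v', expected allow/require"; rc=1 ;; esac
    done
    admins=$(printf '%s\n' "$out" | ad_setting "Allowed admin groups")
    case "$admins" in ""|"not set") echo "no AD admin group set; only local admins can administer"; rc=1 ;; esac
    return $rc
}

# Constructed sample resembling `dsconfigad -show` on a bound Mac.
SAMPLE_SHOW='Active Directory Forest          = example.com
Active Directory Domain          = example.com
Computer Account                 = mac01$

Advanced Options - Administrative
  Preferred Domain controller    = not set
  Allowed admin groups           = EXAMPLE\mac admins
  Authentication from any domain = Enabled
  Packet signing                 = allow
  Packet encryption              = allow
  Password change interval       = 14'

if command -v dsconfigad >/dev/null 2>&1; then
    # On a real Mac, check the live binding (-show does not need root).
    check_ad_binding "example.com" "$(dsconfigad -show)"
else
    check_ad_binding "example.com" "$SAMPLE_SHOW"
fi
```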