AD is perfectly fine. It's actually really good at what it is: a highly-available Kerberos implementation with an integrated directory server. It's not as dominant as it used to be because there are better ways to handle identity for web applications and zero-trust environments, but I don't think that diminishes what AD was good at.
AD has built-in mechanisms where a random person can execute code on the AD itself
You just have to not make a mistake (easy, just be perfect!)
Most people are not perfect; hence, most people have security issues with AD (see the never-ending tail of cryptolocked companies)