AD *is* a modified/extended LDAP+Kerberos based system, it just adds a ton more proprietary stuff around it to manage Windows workstations, the whole Group Policy Object stuff etc., etc. That's all implemented via LDAP extensions.
I'm sorry, with all due respect, I disagree. There is an unfathomable quantity of functionality not accessible via LDAP.
You can query some aspects made available through the LDAP interface; you cannot set or modify plenty.