Do you know what your users can do or access on your network? Who can make modifications? If a user's computer dies, do you know what applications need to be installed on his new machine?
Answering these questions in a small business may be trivial, but it is not in larger networks, even with Active Directory.
For all its "wonderful complexity," Active Directory does not do this out of the box. Finding answers to these kinds of questions with AD still involves browsing through a large number of windows and taking notes.
This is because AD does not come with any embedded business logic. It is a blank canvas. It is only as good as you make it. (It is last-century technology.)
With a proper role-based and rule-based implementation and a few scripts, AD can do the job for you.
A new hire can be granted the same access to folders and applications as another employee in minutes. Permissions reports can be generated and change monitored. Your network can be manageable and can evolve organically and coherently along with your organization.
Hundreds of hours of ongoing manual management of permissions can be spared and countless errors and vulnerabilities avoided.
Set things up correctly right from the start, or make things right as soon as you can. It is not too late, and it can be done incrementally.