But isn't it Active Directory which makes Windows more vulnerable? Am asking, not disputing. I don't know any sysadmin stuff...
It's more secure because Active Directory accounts don't have credentials that are stored locally in the SAM database. So you can't use ntpasswd to reset the password on a local account like you would on a domain account. In fact, I am not sure how you would get around it other than connecting the machine to the domain controller and resetting the password that way.
It's also entirely mandatory for corporate environments (otherwise you'd be running as a giant workgroup). You need to be able to disable user accounts at a second's notice, so they can't log in or access data they shouldn't.
There used to be other solutions to Active Directory, but all of them have become defunct due to Windows being the predominant OS, so Microsoft's solution is the only solution. Regardless if it wasn't secure.