TeamCity supports many authentication schemes including Windows domain and LDAP.
Even more: you can easily migrate from one authentication scheme to another or mix these schemes together, using all of them at once.
TeamCity users can be organized into groups and can be assigned privileges. Once included in a certain group, a user gets all the roles assigned to the group.
Groups support hierarchy which simplifies user management for large companies.