There are a few options depending on how deep you want to go with the auditing, and whether you want to see things like a logon history for users logging on to the workstations.
A plain "AD Audit" product may not be sufficient, since those will just focus on monitoring the actual AD itself, not servers, workstations etc. Regular log monitoring solutions won't tell you anything about installed software and patches.
Scripts may be able to do the trick, if you are looking for something very specific and don't mind running that on a schedule and have a way good way to sift through the info the script returns.
And, finally, inventory products won't actually monitor your AD, although they will excel with things like software inventory, patches etc.
Maybe take a look at EventSentry which has a pretty comprehensive feature set for these types of things. It monitors servers and workstations for both security & performance, but also has an AD monitoring component. It also tells you the latest build a workstation is on, along with a list of installed patches. It also has a feature where it flags computers that are not on the latest build/patch release by Microsoft. Oh, regarding user accounts, with its AD component you can see a list of all users in a domain, but I don't think you can see that for member servers and workstations (although you can see almost anything else, not sure why that's not included?). However, Windows audits just about anything, so you would be able to see if a user is added or removed.