The Wikipedia pages on Domain Controllers
are pretty good. And to add onto the Domain Controllers subject, I'd add Active Directory and the various roles to that. Actually, the Wikipedia page on exploits
is pretty good, too
As for exploiting vulnerabilities in a lab, I found it easy (as an introduction) to setup an OS that was unpatched and vulnerable, then used Metasploit to exploit it. This really was my intro into it and honestly wasn't that long ago. I'm following along with the Metasploit videos over at grmn00bs.com. That gave me the hands-on experience with actually exploiting a vulnerability.
As for a domain vs a subnet, they are different. A domain is a grouping of various network resources (users, computers, printers, servers, etc). A domain will apply specific policies for these resources depending on how its configured by the administrators. A subnet refers to IP addresses and how they're used in conjunction with subnet masks to form network segments. (ie the IP address 192.168.1.1 with a default subnet mask of 255.255.255.0 means that the IP address is the 192.168.1.1 to 192.168.1.254 subnet).
I hope that makes sense. Let me know if something needs more clarification and I'll do my best. Or maybe somebody else has some good analogies to remember this stuff. I've never been good with analogies haha.