I have a similar setup and have been using cohorts to do what you describe, at least for part #1.
What I've done is:
- I mapped a couple of fields from Moodle to their profile in AD (you can use either a profile field like company / department or use a custom profile field). I've set these fields as locked and update on every login.
- I use Autoenrol cohort to add my users on login to cohorts dynamically based on the user profile field.
- I use the cohort sync enrollment method (the one that ships with Moodle) to enroll all members of a cohort to the course.
As for Part #2, I'm not sure it can be easily done:
However, you may be able to accomplish it by using the External Tool activity and setting up LTI enrollments. (https://docs.moodle.org/37/en/Publish_as_LTI_tool)
Using some form of activity completion to limit access to the External tools.
-Steve