This is a different scenario than we're discussing.
If a bad actor had direct access to the server, we can surmise that encryption keys are either known or bypassed.
If I send the encrypted plaintext of my password, the bad actor now knows my plaintext password. If I send an encrypted hash of my password, the bad actor knows my hash, but not the text.
Either way, they can (in theory) use that password/hash to authenticate my account on this particular authentication system. The utility of knowing a password is to try it on different authentication systems. Assuming competent authentication design, the hashes will be salted to a particular application and submitting them to a different one will not result in a valid authentication (not saying there aren't incompetent ones out there).
My presumption is that AD servers store that password as a salted hash, and only ever receive a salted hash from the client via an encrypted (TLS/SSL) channel (which seems logical, right?). So how does IT (functionally existing at the "direct access to server" point) know enough about the contents of my password for it to not pass audit if the plaintext is never sent to the AD server and (presumably) they didn't spend the time to brute-force unhash everyone's passwords?
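
The scheme the post above assumes, modelled as an added example (not part of the original post, and not a model of any real product): a client sends a per-application salted hash instead of the plaintext. `AuthServer`, the salts, the user name and the password are all constructed for illustration.

```python
import hashlib
import hmac


def client_hash(password: str, app_salt: bytes) -> bytes:
    """Value the client sends instead of the plaintext (PBKDF2, per-app salt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), app_salt, 100_000)


class AuthServer:
    """Hypothetical server that only ever receives the client-side hash."""

    def __init__(self, app_salt: bytes):
        self.app_salt = app_salt
        self.stored = {}

    def enroll(self, user: str, password: str) -> None:
        self.stored[user] = client_hash(password, self.app_salt)

    def login_with_hash(self, user: str, submitted: bytes) -> bool:
        expected = self.stored.get(user)
        return expected is not None and hmac.compare_digest(expected, submitted)

    def login_with_password(self, user: str, password: str) -> bool:
        return self.login_with_hash(user, client_hash(password, self.app_salt))


def demo() -> dict:
    # Constructed sample data: two applications with different salts.
    app_a = AuthServer(b"constructed-salt-app-A")
    app_b = AuthServer(b"constructed-salt-app-B")
    password = "correct horse battery staple"
    app_a.enroll("alice", password)
    app_b.enroll("alice", password)

    # What a party with direct access to server A sees arrive after decryption.
    observed_on_a = client_hash(password, app_a.app_salt)

    return {
        # The hash is a working credential on the system it was salted for.
        "hash_accepted_by_a": app_a.login_with_hash("alice", observed_on_a),
        # The same hash is rejected by an application with a different salt.
        "hash_accepted_by_b": app_b.login_with_hash("alice", observed_on_a),
        # A known plaintext, by contrast, works wherever it was reused.
        "plaintext_accepted_by_b": app_b.login_with_password("alice", password),
    }


if __name__ == "__main__":
    print(demo())
```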