Yes it can do that.
However it's likely to to take a little playing around with the configuration to get it doing what you need. Still if you've got £12K to save that could be worthwhile!
What exactly do you mean by 'AD reporting'?
If you mean running a webproxy that each user has to login to authenticated against Active Directory then you may struggle to get exactly what you want. It can be done though, via captive portal and freeradius for example.
In my opinion the one part of pfSense you are likely to find lacking is logging/reporting. pfSense can export all it's logs to external reporting software though.
If you have VM servers setup then I suggest installing it and having a play around.
Steve