by maxcoder4 805 days ago
As a long time Linux user, I think problems are partially technical. For example:

* A lot of software used by them is certainly Windows-only (they will have to find alternatives, change their workflows or invest in some Windows virtual machines)

* Windows tooling for organizations is much more mature. There's a reason virtually everyone uses AD.

* Linux is very focused on user freedoms. This is not usually important in the office. But freedom to configure things is a freedom to break things, and cause admin headaches.

The problems are solvable, but it doesn't mean they don't exist.

Oh and I love NixOS, and I always wonder how realistic it would be to use it in a company for management of thousands of desktop machines. Sounds like it would be perfect for it, but I don't know any stories.


> There's a reason virtually everyone uses AD.

The reason everyone uses AD is that you can have a functional Linux client in AD. But you cannot have a Windows client in any Linux-based LDAP+Kerberos setup.

The problem isn't that there isn't a good solution for Linux in big organisations, the problem is that Windows is only compatible with AD, nothing else, so the more compatible system (Linux) gets shoved into AD.

Every large organization that I have worked at has a solution for desktop and server Linux. The downside is you typically have a password hash stored in AD or a separate service. Ultimately, it isn't terrible, but you do have a lot of enforcement at the border. So trouble can surprisingly appear when you connect remotely.
AD is also better and more feature complete. It was born out of necessity, but it's had decades of refinement in thousands of deployments that the OSS solutions haven't had.
So, why does Microsoft want to kill AD and move everything to their cloud?
Because AD is a security nightmare. It is a collection of ~30 distinct protocols, e.g. bastardized versions of LDAP, Kerberos, DNS, DHCP, X.509 and a few RPC protocols that are all weirdly intertwined, with 30 year old designs. Every few months there is another CVE like 'oh, we forgot to checksum and sign that one field over there, please install this incompatible patch or you will have unauthed RCE'. Since all those patches make things break, there is a lot of vulnerable AD installations out there because most people need to be on "compatibility settings" that are insecure. And even the "secure" settings drop a CVE every few months.
They want you to move everything to the cloud, for obvious reasons. However, if you have on-prem/non-cloud servers, AD is still in the mix. They actually recommend running an AD DC as a VM in the cloud as a backup and to integrate cloud resources in scenarios that are more complex than Entra and Intune can handle.
The reason everyone uses AD isn't that AD is good. It's that they either have no other choice, or they don't have any people competent at setting up other tools, since all basic sysadmins only learn AD in schools.