Active Directory gives me the jibblies

MSAD makes me very nervous. I tend not to trust that which I cannot see and the inner workings of MSAD are blackbox voodoo. Every time our AD servers have a hiccup (such as the recent failure of one of our mirrored drives on our main domain controller) I get a queasy feeling in my stomach that the end is near.

This is probably the main reason for my strong preference for Open Source software. There have been too many occasions where something broke and I was able to hack a fix together because I could read the code and really understand what was going on. Blackbox programs, like those the CIS department uses from Microsoft and Oracle, bother me because the only way to fix things when something breaks is to either depend upon the providers to have adequate documentation, to become trained in how to fix them, or to pay them for help.

Active Directory is a huge product that we store a ton of information in—you can't help but do so on a Windows network. Microsoft Windows won't really talk to another directory system unless you severely coerce it to. (For example, Novell's NDS replaces Active Directory functionality by basically gutting Windows and replacing every security system completely. Of course, Novell makes me nervous for the same reason Microsoft does.)

Anyway, I mostly wanted to simply voice the fact that blackbox software makes me very nervous. The more important that software is to my day-to-day life, the more nervous I get. MSAD makes me very, very nervous.

2 Comments

I hear ya
I know what you mean about dealing with 'black box' applications you can't look inside and try to fix things yourself. However, I think that AD (even though a M$ product) is pretty good in what it's intended to do. As long as you have it replicated properly over several servers, I haven't had much trouble with it where I work now.

It would be neat to see someone come up with an OpenLDAP client application for Windows though :). Wonder if someone already started on one ...

Replacement for AD
I look for such things every now and then because I would love to reduce our dependence on MS. However, I doubt such a thing will ever be feasible as long as I'm here. If for no other reason than our office staff require a Windows-only environment and I don't mess with their setup unless I have a really good reason.

The closest such thing I've found, called pGina, works with 2000/XP environments. I'll let anyone interested Google for it.

About this Entry

This page contains a single entry by Andrew Sterling Hanenkamp published on May 24, 2005 11:21 AM.
