
Which problem space is that? For the group policy part, cfengine, salt, puppet are far better (group policy is just modifying the Windows registry and manipulating files, although at first it seems a bit like magic). For authentication we have Kerberos, which Microsoft pulled in from the free world beginning with Windows 2000. Kerberos does not fly in the Cloud world though.


And Dropbox is just sshfs, ftp-mount etc. There is a huge advantage to having an all-in-one, it-just-works solution. Active Directory is such a solution and does really well. Log in to a different machine and things are just set up. Push programs, settings, updates. Change security. It's great.


Have you ever actually done that - managed a large fleet of desktops and a productivity suite, all on Linux with no active directory? Complete with whatever the Kerberos equivalent of a backup DC is?


The problem with AD is that it is for Windows only. It does not fly for managing Mac and Linux desktops. So that gives us salt for example, which has clients for all three. The second problem with AD is that if you need to manage any complex settings, you'll need to write your own templates. The included group policies are only for basic level OS management + some for basic level Microsoft Office management stuff. Anything else and it's scripting + manual work, and AD is only for distribution and selecting hosts/users where to apply those settings. And yes, I've managed multi-thousand workstation networks with AD. Do not recommend it.


AD isn't just for Windows, which would be weird since it is mostly a fancy key-value store (with associated functions and services of course). SSSD for example can use AD. The problem is that Linux itself doesn't support the same functionality client side, which using a configuration manager doesn't really solve. And the question wasn't if you have used AD, but if you have managed Linux desktop deployments without it. Since your claim is that it is better.


I'm in the process of building a solution for managing all three OSes. AD is not on the table because there's nothing to do with Kerberos in our network and AD would be a "Windows only" solution.


Why is AD a Windows-only solution? Large corporations and startups use it to run tens of thousands of Macs and Linux machines in addition to Windows. In fact, I can't think of a single large company that does not use it. It's basically the core for many.


Linux can totally run in an AD domain with auth managed by AD. Client side SMB is also not bad. But you are excluding Kerberos for some unrelated reason, right?


I would imagine that Google has and is doing that, as is AWS.


You'd be surprised how big of a Microsoft shop Amazon is. It's pretty representative of a large company actually.



