I think the operative word here is "can." Active Directory allows you to actively reject machines from your network that are not part of the Domain and it can prevent you from extricating a machine from the Domain to circumvent restrictions imposed upon the machine, the user, the location, or any other myriad of configurable factors.
It would surprise me if there was something you couldn't do to on a nix machine that you could do with Active Directory on a Windows based PC but the time and maintenance involved are in no way proportional. The full featured and easy to use tool-chain was what made Microsoft great, and they lost that with overly complicated systems in the 2000s but they seem to be getting back on the right path with Powershell and their Core Server administration tools.
Additionally Active Directory is an LDAP provider so it's relatively easy to integrate nix machines into an AD environment.
I think the operative word here is "can." Active Directory allows you to actively reject machines from your network that are not part of the Domain and it can prevent you from extricating a machine from the Domain to circumvent restrictions imposed upon the machine, the user, the location, or any other myriad of configurable factors.
It would surprise me if there was something you couldn't do to on a nix machine that you could do with Active Directory on a Windows based PC but the time and maintenance involved are in no way proportional. The full featured and easy to use tool-chain was what made Microsoft great, and they lost that with overly complicated systems in the 2000s but they seem to be getting back on the right path with Powershell and their Core Server administration tools.
Additionally Active Directory is an LDAP provider so it's relatively easy to integrate nix machines into an AD environment.