To be honest I'm not a fan of this. Linux was one of the few ways to stay free of the behemoth of corporate, invasive crapware that is forced upon employees. By evolving towards a full enterprise managed OS (with stuff like AD) this freedom will more and more be corrupted.
Well, at companies that actually care about 100% rollout of "corporate, invasive crapware" on computers that _they own_ and that are used to process _company data_ and access _company resources_, the alternative is usually just to ban Linux workstations altogether.
I see this as a strict improvement for adoption of Linux workstations in the corporate world.
I'm not aware of Ubuntu now supporting "rollout of corporate crapware" via this AD support.
MSIs still don't work on Ubuntu. GPOs are still very limited, mostly just HBAC-type stuff.
The stuff that works is the important stuff, but if people want to roll out software to Linux they aren't doing it with AD. They're doing it with a CM tool like Puppet or Ansible.
The AD support has been there for a while, sans the GPO desktop stuff. You could do dynamic DNS, full Kerberos (including SSH SSO via Kerberos ticket), access control / HBAC (via GPOs), sudoers via LDAP, even centrally tie SSH keys to LDAP users.
Some environments mandate this stuff, and there's frankly no excuse for NOT supporting Kerberos / LDAP / centralized auth. The choice wasn't whether to support "stuff like this", but whether the support would be first class or second rate.
Kind of. You could do domain logins, but pushing policy down from the AD was at best partially implemented.
Also, it's kind of buggy. I have some Ubuntu 20 machines set to do AD logins here and more often than not it just stalls until it times out on login with no useful diagnostic messages emitted. Very frustrating.
Also, AD support is small potatoes compared to products like CarbonBlack which are already deployed on Linux. Having "Puppet but controlled by GPO" isn't really new.