If you use Kerberos along with LDAP, you can configure the desktops to use MITv5 Kerberos from a UNIX-based realm. Again, you still lose the advantages of a domain. You need Active Directory for group policies, for instance, and for a central store of groups. Also, setting up cross-realm trusts can be a challenge in MITv5 where it's a breeze in Active Directory.
If you end up deciding to synchronize between your UNIX-based LDAP service and Active Directory, you'll need to invest in a utility that keeps the two databases in sync. This can be a challenge if you have many AD-based domains, or if users can create ad hoc domains, such as on a college campus. Microsoft makes a product called Microsoft Metadirectory Service (MMS) that can do this.
Dig Deeper on Microsoft Windows Data Backup and Protection
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.