I have to implement a domain into a business with ~200 user accounts. Being a Unix guy, Samba seemed the first choice.
However, after a few discussions related to ease of management (which will be delegated to support staff) and ease of implementation, Windows 2003 Server became another option.
I would like your opinions on PDC Samba+LDAP (to which I wish to authenticate Postfix too) versus a Windows 2003 Server Domain Controller.
I've used both, but with that many computers / users to support I'd lean toward Windows Server to get both Group Policy and Windows Server Update Services. Both of them are going to make your life easier and decrease the amount of support labor related to client computer maintenance. If you haven't read up on what Group Policy can do, have a quick look at: What group-policies have you applied?
A lot of people focus on the "locking down the computer" uses of Group Policy, but for me it's about automating administration tasks and making new PC / user provisioning consistent and as near to automatic as possible.
Will it be worth the added expense to go w/ Windows Server versus Samba? That depends. I think the TCO savings would be worth it, but those certainly aren't "hard numbers".
It will be easier for the organization to find somebody to maintain a Windows Server installation when / if you decide to move on. (That's not to say that maintaining Samba is particularly difficult, or that the average Windows Server admin off the street really knows what they're doing, though, either.)
To be fair, you can use scripting to do anything that Group Policy can do. It may not be as easy, but it's certainly possible.
It comes down to whether you want to spend time implementing Samba or spend money implementing Windows Server. We use Samba, but there are a few niggles, but it's significantly cheaper than Windows Server. In particular, Samba doesn't seem to be noticing changes to group memberships until you restart it. It does give us a bit more flexibility than Windows would allow. We use LDAP for our authentication and it seems to work reasonably well.
I would choose Windows for Group Policy alone. Managing 200 users/workstations will be waaay easier using Group Policy.
Seems like you're making life a lot harder for yourself for no good reason.
Windows Server 2008 (you shouldn't be rolling out 2003 now) costs a few hundred bucks. You're going to waste far more $$ on your own time fixing glitches, writing scripts for the admin users setting up accounts, etc.
These ~200 folks are completely new to Windows domains? How do they operate at the moment? I am asking because of the migration you will have to do.
One of the most important questions is about e-mail: are they possibly thinking about using Outlook/Exchange in the future? Then you're lost to the Windows Server solution, if you're not able to circumvent this with a deployment of Zimbra or another mailserver which is capable of speaking MAPI if your client sticks to Outlook.
You might take a look at these projects/solutions:
http://www.clearcenter.com/
http://www.univention.de/en/products/ucs/
I'm already researching these. For basic domain/profile management with Windows clients they look very promising. And I've already created domains with ClearOS. The e-mail/domain/proxy integration they've done so far is excellent. Will be trying a full demo of Univention, which in some ways is more advanced in development although it seems geared to larger businesses. As for e-mail, integrating Outlook, not sure I would go that route. There are better, more customizable clients out there that run on M$ Windows; Thunderbird is a great choice. You may consider looking at OpenXchange as well for e-mail client integration or web based. For general Exchange "simulation" it's not bad.
I have no affiliation with either of these groups. FYI
I have used both Microsoft AD and the Samba implementation (Samba 4, to be exact). The Microsoft AD is easier to implement BUT it is not cheap. If you know your way around Linux, you can set up a shiny new Samba 4 install on an Ubuntu 14 Server in under 24 hours. In as far as management, you may not notice a difference between Microsoft AD and Samba4 since in both, you will use the Windows RSAT for administration. I have not come across a single thing that Microsoft supported that Samba4 did not support. For stability, I found Samba to be more stable since it runs on Linux. Microsoft AD inherits Microsoft Windows Server problems. Samba 4 is a very stable implementation of AD, especially if you are using Debian distributions. It is very very well supported under Debian. I have not done much on Red Hat distros so I can't tell much about implementation of Samba on Red Hat. One catch with Samba 4 implementation: YOU MUST KNOW YOUR WAY AROUND IN LINUX!!!!!