Re: AD?
If you think AD crumbles in real world deployments you must be an intern that has yet to work in the "real world".
6 years experience, financial sector, worked for a certain bank that has a large presence in America (the continent). One particular system has 10+ million users, supports about 2000 concurrent users in peak hours and is managed by *two* LDAP servers. Real LDAP servers.
In comparison, a 700 user deployment requires no less than 11 AD Domain Controllers just to work, for another not-so-large organization. The same product that copes with the 2000 concurrent users in the other place, shits itself because of AD's weird behavior.
I'd like to note that most, if not all of the big financial institutions actively avoid the MS ecosystem. AD is used only for the in-company PCs, but the business stuff is using either LDAP, some Identity/Access Managment stack or RACF. AD is a joke among the application security market and is usually limited to only the MS stack and/or the Windows boxes in the company.
There are a LOT of admins out there with AD skills and CxO's are comfortable with the technology.
Betting on AD ended up killing our Production Environment for a couple of days at a former job. The CEO actually listened the "I told you so" crowd and are now switching platforms. They're not pleased with what they ended up getting with MS.