I'm absolutely pro-FOSS but also want to point out that just the licence cost comparison here isn't too meaningful. Licence + maintenance cost fould be a much more sensible figure (and much less likely to be zero).
That is true. But paying for commercial software doesn't free you from having to maintain said software. So while some software might be easier to maintain than other, I think it is fair to just compare the license prices if you have no additional insight into the organization and how their IT operates.
What free software offers the enterprise features of Windows? AFAIK not even Red Hat is anywhere close to the central management features of Windows domains. Samba on Linux/Mac is severely backwards and using it is pain.
I think you'll find your experience here is outdated. There are a few good tools for managing Linux systems - puppeteer is one. What sorry if features are you missing?
As for Samba, Gnome has good client built in to the file browser. But I'd have to ask why you're using Samba at all. There are much better network filesystems in the Linux world that don't come with all the legacy cruft and undocumented idiosyncrasies that are part of the SMB protocol. They're harder to set up on Windows, but that shouldn't be a problem if you standardize on Linux.
Samba - or to be precise MS AD is not just about files. On Linux it's limited to files and that's exactly the problem I'm talking about. On Mac it's at least able to share certificates and some basic settings now - still not ideal though.
Actually with modern clouds like OneDrive it's not about files at all, I haven't seen network drives being used for a decade. It's about privileges to various resources available within the corporate network and about what you can't do with your work computer, and about having the computer auto-configure to play with all the resources on corporate network.
It's about setting detailed access level based on AD groups - including user applications, not just networked drives or whatever. Permissions to CRM/ERP systems, document management systems etc. Detailed as much as "this user can only see contracts and invoices assigned to the London branch".
I open my computer and I immediately see the printer that's nearest to me as the first printer in the list. Access to it is authenticated and authorized (with no additional password prompts). I can simply choose a document from SharePoint and send it right there, walk over there and slap my chip card on it and have it printed. It's part of my system's print queue but if I switch computers in the meantime I can still work with the queue item there.
I scan a document and it goes directly to my OneDrive which is automatically connected to whatever computer I sit at as soon as I log in, regardless of me using a random terminal that's been sitting in whatever office I'm visiting.
I'm unable to break anything because there is no root to login to, nobody ever uses sudo on the computer, nobody ever needs admin privileges on it (harder to do with devs but common for all other professions). If an app needs to be added the computer is remotely reimaged from an image with the app added (this requires a one-setting change by the admin, nothing else). No user settings or files go missing in the process.
Corporate VPN, firewall, proxy servers, wifi network, wired network - all of it requires auth. The system just takes my user certificate and just works with it all by itself. Nothing is available without auth, nothing is unencrypted.
Building this kind of system with Microsoft products is as easy as installing a few apps on the corporate server machine. I literally learned how to do it when I was 12 and couldn't speak English yet.
Building it with Linux - well I am pretty skilled with Linux admin (as much as you'd expect someone who used it as their primary system for 15 years and hosts their own websites etc) but I can't even imagine where to begin.
Using puppeteer to connect to individual machines and turn options there - that's crazy. Enterprise Windows are fully declarative. And using separate systems to manage Windows/Mac and Linux - that's crazy. Apple is doing what it can to support MS AD - if Linux wants to be a special case, it's going to remain a special case.
Unix systems were doing all of this 30 years ago. (I can almost feel all the old Sun Microsystems employees rolling their eyes.) It's literally why NFS and NIS (replaced by LDAP before Active Directory released) existed. But Unix != Linux, the popular parts of the Linux ecosystem don't cater to this, and trajectory continues to diverge away.
