No one seems to like AD. I actually find it to be fairly manageable compared to stock LDAP/Kerberos. The management tools blow OpenLDAP out of the water. I laugh at myself saying it, but if you want simple management of a big installation, AD is pretty dang tested these days and it's not hard to integrate other systems in that environment if you have admin control of the schema.
Microsoft have always been good at pretty GUIs for managing their product. It's why NT Domains succeeded and NIS+ failed, despite being very similar in concept.
Microsoft are _also_ learning why scripted access to their products is essential. Eventually they'll have the benefits of built-in adequate usable management tools and the flexibility of programmatic interfaces and it'll be a lot harder to justify Unix for infrastructure purposes.
Which'll put me out of a job!