Hello there!
We have a Windows domain available with servers and workstations that offer AD, DNS, DHCP, file server, exchange and more. The issue is that we need to migrate the ENTIRE infrastructure to domestic software.
So, the question is which platform would be the best option to choose?

Here's what we need:
- A single point of authentication just like Active Directory;
- Configurations distributed to domain machines including admin groups, remote resource connection, browser settings, symlink distribution to resources, program configurations and more just like group policies;
- SSO used when accessing different resources such as web resources and remote resources so that the users don't have to enter their login information repeatedly.
We prefer a solution from a single vendor in one package regardless of the price (since we already paid for Windows).
I would greatly appreciate it if experienced experts could share their suggestions or guidance. I'm pressed for time and worried about making the wrong choice.

PS: If any of you have experience using alt, astra and rosa systems, please feel free to share.

For those seeking a comprehensive Linux solution, freeipa may be worth considering. Alternatively, RedHat offers a paid counterpart.

It's important to note that if you're still using debian-based distributions, you may encounter issues with kerberos in nfs and samba. CentOS tends to function smoothly and integrates well with AD.

If you plan on transitioning away from Windows, samba is likely your best bet.

It is not possible to achieve 100% coverage with the same ease, but there are some options available. One classic option is samba, which although difficult and time-consuming, can be almost AD level straight. Another option is FreeIPA, or UCS Linux.

If everything is going to be completely Unix-based, why not consider options such as nis + nfs, which are simple and will provide user management in a native way? Postfix can also be included, which will not be too difficult to set up and will provide necessary functionality in the native environment. It's worth noting that Windows also supports nis and nfs, but it's unclear at what level and how convenient it is.

For quick testing purposes, openSUSE could be a good option as it has a user-friendly GUI for setting up all the necessary configurations. This will be particularly useful for those transitioning from a Windows environment, including servers.

To meet the essential and unalterable requirement (which appears to be recurrent as I have already encountered three questions on this topic since the year began), it is necessary to start by creating a list of permissible options. Afterward, a selection needs to be made from the existing options.

According to theoretical analysis, there are various options available, namely:
- Samba DC + Samba client, which presents itself as an almost "Windows without Windows"; however, it requires detailed considerations before testing.
- IPA, which is utilized in the Redhat domain and features freeipa.

In contrast, UNIX prompts a "keep it simple, stupid" philosophy, which disregards Exchange entirely. Hence, a solution such as Zimbra, Zafara, or OpenXchange may be used instead. However, it is uncertain how well these solutions align with "domestic software." In case of need, though, an option would be to create a fork from raw materials.

For a single point of authentication similar to Active Directory, it's essential to consider solutions that provide a centralized identity management system. Look for platforms that offer robust user and group management capabilities along with support for multi-factor authentication to ensure security.

When it comes to distributing configurations to domain machines, including admin groups, remote resource connections, browser settings, symlink distribution, and program configurations, the ideal solution would be one that provides comprehensive management tools akin to Group Policies in Active Directory. This will help ensure seamless transition and ongoing management of the new infrastructure.

For Single Sign-On (SSO) capabilities, it's crucial to opt for a platform that can integrate with various resources such as web applications and remote resources. This will streamline the user experience and reduce the need for repetitive login prompts, thus boosting productivity across the organization.

Given your preference for a solution from a single vendor in one package, I would recommend exploring offerings from vendors known for their integrated enterprise solutions. It's important to take into account factors such as scalability, support, and the vendor's roadmap for future development to ensure a sound long-term investment.

In regard to the specific domestic software platforms mentioned, it's crucial to conduct thorough research and potentially engage in proof-of-concept testing to assess their suitability for your organization's needs. While taking into account your urgency, it's essential to strike a balance between expediency and making an informed decision that aligns with your long-term IT strategy.
If any of the mentioned systems, alt, astra, or rosa, have gained traction in your industry, it may be worthwhile to seek feedback from peers who have hands-on experience. Real-world insights can provide valuable perspectives that may not be readily available through official documentation or sales materials.