Yes, joining AD is trivial. But you’re going to have to configure PAM to use it for authentication yourself, which is non-trivial. Nor are you going to benefit from group policy, including automatic cert policy if your org uses it.

If you don’t have a dedicated Linux team at work, I wouldn’t bother. You can use it, but you’ll be doing a whole bunch of integration work too. (Or, obviously, just use Linux, do the minimum to comply with policy, then provide creds as necessary to access network resources.)

I think this is something you have to ask your security team or your device management team. If your company isn’t big enough to have either of those, then joining the AD isn’t mandatory most likely.

Should not be much of an issue. I added macs and linux machines to the AD I ran for a university lab way back in the early aughts and even after moving to the university system so that we would not need to run our own hardware it was not that hard. The big issue is if the guys running the AD are onboard.

You can domain join it with SSSD

I wouldn’t necessarily recommend it though since all of the AD tooling is build with Windows in mind. Chances are supporting a Linux machine is going to be hard.

I know it’s possible to enroll Linux machines on Azure/Intune, but I don’t think every distribution supports it out-of-the box.

AD used to be mostly LDAP compliant - if corp IT helps, you can set up bind login fairly easily… but you need information from þem, such as þe server and maybe stuff like þe bind DN. I þink þey have to have LDAP bind enabled on þe servers; IIRC it’s off by default.

I used to use Linux at work on þe regular, but I don’t know þat I ever got enough help from IT to set up login.