I am not a fan of Active Directory. There are other ways of doing things, but I do not have to power to change that. Our district has over fifty thousands students and over 80 locations. Such a change in infrastructure away from Active Directory would require years of planning and testing. As such, it would be easier for me to introduce widespread use of Raspberry Pi's if I could use the infrastructure tools we already have.
How does the use of AD restrict the investigation of creating new users on the Pi, and investigating user permissions?
Without being able to use AD credentials, students would not have access to their network share. Without access to a network share, all their work is stored locally on the computer. In this case, on the individual Raspberry Pi.
Would a user even be allowed root access on the Pi?
This would depend on the situation. Most cases, no.
There are ways of allowing access to the internet that do not give access to the rest of the network, and ways of allowing access to shared folders via a network logon.
Right now and for the next two or three years, access to the internet and how it is filtered is dependent on Active Directory setup. Application of the filter is important due to student data privacy laws here in the US.
Money for our ISP bill comes from the ability to block inappropriate images on all traffic. More of ERate here. http://en.wikipedia.org/wiki/E-Rate
Anyone with access to student health data cannot have access to Google Apps. If information about student data resides on Google servers and Google servers are hacked, Google will not abide by the regulations of HIPPA. More on HIPPA here. http://en.wikipedia.org/wiki/Health_Ins ... bility_Act
In addition to these concerns are necessary compliance with FERPA (http://en.wikipedia.org/wiki/Family_Edu ... rivacy_Act
), IDEA (for students with disabilities) and CIPA (http://www.fcc.gov/guides/childrens-int ... ection-act
Yes, there are ways to allow access to shares through web interfaces and the like. However, this doesn't get around compliance issues with State and Federal Law. It also prevents us from using our current infrastructure to track which student is using what computer at any given time. I would rather work on integrating AD than maintaining a whitelist of available internet sites on every Rasbpi device.
I wonder if trying to integrate the Pi into AD might be the wrong direction
Like I said, it won't be a deal breaker, but it would be the difference between specialty use and widespread use.
No AD and there will always be the roadblocks I mentioned above. Its use would be limited to a handful of devices not being using for general instruction, but special case instruction like CAD or Computer Science.
I used to manage all the districts' Linux Desktops. (They are going away now.) They were always faster and less problematic than comparable Windows boxes, but the lack of AD integration prevented any kind of Linux from being used in more settings. The distro was locked at Slackware 12.2 by the vendor of a specific piece of software that was critical. The perception of using anything that is not Windows or Mac is colored by this experience.
Hope that helps. Again, not a fan of AD or the regulations, but these are the circumstances I am working under.