Active directory is dying along with local computer networks. Microsoft is pushing customers to Entra (formerly Azure Active directory). Modern, hybrid AD is not easy to use and difficult to manage.

Ideally you want to run all those trusted (read: security critical, if compromised entire system is no longer trustworthy) processes on separated and audited machines, but instead busy people end up running them all together because they happen to be packaged together (like FreeIPA or Active Directory), and that makes it even harder to secure them correctly.