The attack vectors I’m thinking of just come from the inherent complexity and centralization. I’m just considering the amount of damage that can be done with a compromised DA account for example vs a non directory environment.
It’s complicated. Done right it can be more secure, not done right it’s less secure.
I also only get brought in for problems for the last however many years, so I’m probaby a bit biased at this point haha.
I have had to tell companies they are going to have to rebuild thier AD from scratch because they didn’t know what thier DSRM password was (usually after a ransomware attack). These are the sort of hassles I think about vs non AD.
This is how email servers have worked for decades - there is no silver bullet and this comes closest. If you poorly admin your email instance, say allowing it to be an open relay (same as just allowing open registrations), you get blacklisted everywhere aka defederated. Same if you have a compromise and someone starts spamming out.