MS is very slowly moving away from AD themselves to an "MDM" cloud-provisioning model more or less copied wholesale from what Apple did with iOS. They claim that binding machines and users to AD is optional these days, but the alternative workflow leaves a whooooole lotta gaps. Maybe in 5 years it will be a real alternative.