Re: The Question Remains....
>>> ACLs are fine for a few machines, now go and manage a few hundred geographically dispersed systems...
No one has said that ACLs are how you manage a few hundred geographically dispersed systems.
>>> There are reasons why tools such as SCCM and AD exist; Systems configuration and management tools also exist for Unix/Linux - I used one back in circa 1989 for the management of 6000+ systems.
No one is saying there is no reason for these to exist, or that they are not justified, although Linux has existed since the early nineties (1991).
>>> The real issue with Unix/Linux is that you generally have to go and look for these tools, rather than simply browse the MS resources. Plus the Unix/Linux tools cost compared to the MS management tools due to them not being cross-subsidised from the sales of other products.
The issue you are referring to is that you use an operating system called "Windows" which is produced by a company called "Microsoft", and are arguing that you like the Windows + Microsoft tools to manage workstations better than the equivalent tools on the Linux ecosystem, tools that you're unaware of or have never used.
I'm not going to argue that, I will simply note again some details most Windows chaps ignore.
In a Linux environment it is not a problem to have a designated server running some kind of service taking control of other machines, down to any level of detail you need. Making a computer do something remotely is as native to Linux as it is to click on the start menu in Windows.
AD is nothing but LDAP+Kerberos, DNS and DHCP in pre-configured form (yes, and the GPOs and another myriad of components that do not work as well as most people think); any Linux person worth their salt is capable of setting these up and tailoring them. Whether it is easier to do in Windows with MS's tools, or if there are enough Linux people out there to do that customisation in Linux, is part of another discussion.
Once the time is right and demand is there, Linux distros will provide easy point-and-click tools to leverage those services in a palatable form (add water and stir) to Windows sysadmins, i.e. IPA.
The biggest challenge Windows sysadmins face when setting up infrastructure is their lack of knowledge to separate services into components, and distinguish when an issue is platform or protocol specific, plus an annoying insistence on doing everything the MS way (which is usually the worst way even in Windows).
Example: I have seen people join Linux web-servers to AD and painstakingly modify Apache to run under the domain account, something that may have some purpose in Windows, but doesn't serve much purpose at all in Linux. I could go on and on.