"It's a shame Linux doesn't have sensible and modular architecture..."
I hate jumping into this conversation, but a Windows fan stating that Linux doesn't have a modular architecture shows an unholy amount of ignorance in this industry.
Linux and many Unices are about as modular as operating systems get. Windows by the same token is very monolithic. I'm not talking about labels we apply to kernels (micro versus monolithic kernel, etc etc), I'm talking about the OS.
Try building any popular Linux distro from the ground up using packages. It's easy and you get an incredibly granular level of tools and services. Kind of like Lego really. It's so modular there are often many solutions to the same problem - hence the multitude of desktop environments available for example.
Install Windows and you get very few choices. Desktop versions only come with a GUI, and on a server you can leave it out. Install an application and it roots itself so deep into the OS that it's difficult to completely remove. For all intents and purposes it simply becomes a part of the monolith.
Given that this arose from a discussion on authentication systems, then Unix/Windows wins hands down for a modular architecture thanks to PAM. You can have a system authenticate against practically anything imaginable, it just needs a PAM module. Contrast that to Windows, where you get a choice between local accounts and AD (i.e. more Windows). That's it.
I'm not saying that AD is bad, in fact it has a huge number of merits. Central policies, reasonably logical directory structure, ease of deployment and administration. It is a known quantity to many folks and is largely predictable, has commercial support available if you need it and does cover a number of possible use cases. Likewise for Windows clients, and the whole shebang is designed to integrate quite well with itself.
Many PAM modules and even Samba don't include account lockout policies as you state. Luckily 'nixes are so flexible we can choose to easily join 'nix hosts to an AD domain to take advantage of those. If it suits the use case involved then it's a great option. We get choice here too; any of LDAP + Kerberos, Samba/Winbind, PBIS or realmd can do this for us.
Don't want to run an AD domain? Then use Samba 4, or IPA, or build your own with any number of LDAP servers available. Or NIS if you are feeling old-school. The key thing here is the option for choice; you can pick the right tool for any given job.
By contrast with Windows, the only choice for auth you get is more Windows. That's OK in many situations too; look at many corporate environments these days. There's a lot of stuff to tweak and the policy enforcement generally works very well. But more modular and flexible it isn't - it's designed that way! That's the point that was being made.
The day we can claim that Windows is more modular than Linux is the day I can install it on my broadband router. But I can't because it's completely impractical to do. And even if it weren't, we rely on Microsoft to set the direction as we can't easily get under the hood and modify it to that degree ourselves.
The moral? We have different tools for different use cases, and that's a really good thing. But let's not lose sight of what the real differences are, or ever pretend that any one platform can do absolutely everything the best way.