how realistic is it to move a company off AD entirely.
right now the answer from MS seems to be "move your insecure as shit authentication platform to 0365/Azure and let us obfuscate the insecurity away from your liability, and pay us for the privilege"