MicrosoftMicrosoft
@Petri X
I think it makes a lot of sense to use three different tools to manage those things. In a large environment the people managing AD, Exchange, and Lync are three seperate entities. Why would you give Exchange administrators access to edit AD objects like security groups or non-Exchange objects or properties of a user when they don't need to touch that stuff? Why would Lync administrators care about Remote Login details or Group Policies?
Exchange has the ability, with RBAC roles, to give better flexibility to organizations to give administrators the ability to do their job without opening up ACLs in AD to allow them to do things you don't really want them to do. Instead of giving a junior administrator full-permissions with ACLs to move a mailbox, now you can give them the RBAC permissions for the Move-Mailbox cmdlet, without giving them full ACL rights to all the mailboxes in an organization.
I can't imagine a single tool available that can deal with Exchange's RBAC permissions and AD's ACLs and not being a complete mess.