Samba, the standard open source implementation of Active Directory, packaged as an appliance whose domain is minted on your own virtual machine at first boot.
Samba is the standard open source implementation of the SMB protocol and of Active Directory. In domain controller mode a single service provides the four things a domain depends on: a Kerberos key distribution centre that issues tickets, an LDAP directory that stores users, groups and machines, SMB file services, and the internal DNS that Active Directory uses to advertise its own services. Windows clients, Linux machines and applications that speak LDAP or Kerberos can all join and authenticate against it.
This image is deliberate about one thing above all others, and it decides whether a domain controller image is safe to ship at all. An Active Directory domain is an identity, not merely a daemon. Provisioning mints, in a single operation, the Kerberos realm, the machine SID, the krbtgt key that signs every ticket in the domain, and the built in Administrator password. If a provisioned domain were baked into a marketplace image, every customer who deployed it would receive the same krbtgt key, and anyone holding the image could forge Kerberos golden tickets into every other customer's domain, permanently. So this image contains no domain whatsoever: no realm, no machine SID, no krbtgt key, no Administrator password and no directory database. The service is installed but left disabled and unprovisioned, and a preflight check refuses to start it until a domain exists. Your domain is created on first boot of your own virtual machine, with every secret generated on that machine.
Samba comes from the Ubuntu archive's main component, which is what makes the image patchable for the life of the release: packages in main are security maintained by Ubuntu, fixes are published to the security pocket, and unattended upgrades deliver them automatically.
cloudimg ships the domain controller with no domain in it, which is the only honest way to distribute one. Every secret that defines your domain, the realm, the machine SID, the krbtgt key that signs every Kerberos ticket, and the Administrator password, is generated on your own machine at first boot, so nothing is shared with any other customer and nothing is recoverable from the image. First boot does not merely provision and hope: it proves that Kerberos issues a real ticket and that the domain's DNS service records resolve before it reports success, and it writes the credentials to a file readable only by root. The built in Administrator password is pinned so that it never expires, because Active Directory's default maximum password age of 42 days would otherwise silently break a working domain six weeks after deployment for no security benefit. LDAP binds are refused unless they are encrypted, so directory credentials cannot cross the wire in the clear. Samba is installed from the Ubuntu archive's main component rather than a third party repository, so security fixes are backported by Ubuntu and applied automatically for the life of the release. The cloudimg charge covers packaging, hardening, security patching and 24/7 support.