I realize that this is a really old thread and the specific problem is probably already solved but I thought I would comment since this is a topic that OSM has been dealing with for years and one that IT analysts are just now becoming aware of.
There are several commercial products available to streamline the process of managing user accounts. What's more, most of these tools allow you to enforce much stricter security measures via role-based access control, detailed audit trails and password strengthening (rules/aging etc).
Commercial identity management software is expensive but if you have 5000 user accounts on your network (plus how many more in active directories on the Windows side?) I'd be willing to bet that you are spending a *significant* amount of time doing mundane activities like creating/modifying/deleting user accounts and resetting passwords. Couldn't you find more productive use of that time?
When the CEO says "Why the hell should we spend a boatload of money on identity management?!" it should be easy to prove the return on investment with the increased efficiency and much greater security.
There is a white paper available at http://www.cosuser.com that details typical problems and outlines OSM's identity management solution, COSuser. Novell has also recently published an interesting white paper on identity management practices in Global 2000 organizations. I don't have the link handy but you can search for it on their site.