This is possible but maybe not with your current deployment. Let's start at the top and work our way down. You have been asked to perform one task in two different ways. The task is to install a piece of software. The two ways are either to push the software to each machine or notify users that they must install it.
Ok, first, the push. This can be done with a number of tools. You can do it with SSH or ARD enabled. Ah, but you must know admin credentials on the machines in order to use these tools. If the deployment is BYOD, then you are in trouble because you are not aware of the local account information. This paints you into a corner. Now, the way around this is to use an MDM agent like JAMF. In this case, the device is enrolled and a management account is created on the machine to allow enterprise control of the device even if deployed in a BYOD style.
Now, if you are deploying corporate assets in BYOD style, you really should be looking at Apple DEP program (https://deploy.apple.com). Through the DEP program you can link systems to your organization and point them to your MDM server. While the user can create any account they would like, your organization still retains management (and inventory) control of the device.
If your current model is to just hand out devices and let users have at it, you basically fall back to sneaker net.
Now, to your additional points:
-They are not all managed already (some in AD)
Are the units bound to AD using domain accounts? If the devices are BYOD and the end user created a local account, the bind to the domain is almost irrelevant. Domain binding is valuable if you have a consistent local admin and all end users are domain users, logging in with their AD credentials. If you enforce password renewal this gets a little tricky when supporting a large fleet of laptops that never reboot.
-Could be any model (OSX)
Does not matter. OS X is OS X with very few exceptions. You can install OS X on anything from an SD card to a Thunderbolt drive and boot any model (provided the model is supported on the installed OS). All drivers required to boot all models are included. There are no custom drivers.
-Original / native config for sharing / remote
Not sure what you mean here. Do you mean that Screen Sharing is enabled on all devices?
-We don't know Root or Admin password and they might be all different
Don't enable root. It is not needed. But not knowing a local admin password puts you at a disadvantage with the lower end tools. This includes SSH and ARD. As mentioned, your only way around this is through MDM enrollment (pure MDM will not get your software installed unless it is through the App Store) and a local management agent (like JAMF).
-We do have OSX Server up to date
In a large corporate environment dominated by Windows, OS X Server is not going to be able to offer much. Enable the caching server. It alone is worth it. Additionally, if you need to support Mac file services, you can use file sharing. OS X Server also has Profile Manager, but once again, this is an MDM, so software distribution is not included.
-Apple remote Desktop install on the server
Great tool. Very capable and can make magic happen. But, you must be able to authenticate to the devices. In the scenario described above, you don't have login info. One thing you can do is create a common local admin account on all the devices. Then you can add them all to ARD. Once again, this means a visit to each device. And while ARD includes a task server, you might have a hard time maintaining audit compliance should a number of devices be off the LAN for extended periods of time.
-If we could have only the IP of most of them, we can cross-reference with other data to find them and manage them manually (last resort)
In BYOD the end user is the admin. An email to the groups stating "go here and install this software" should be enough to get users to install the software. However, if users don't believe they need the software, you are likely to get people who ignore or avoid the installation. BYOD always sounds wonderful until you are painted into a corner and spend a few weeks tracking everyone down because they fail to comply with a simple request.
-Our PC inventory shows around 12k and we estimate around 1000-1500 Macs across a wide network of many VLANs
That is a nice size deployment. But you need to take control of those devices, even from the simple standpoint of inventory and asset tracking. Using Apple's VPP and DEP programs while leveraging the power of an MDM like JAMF, that fleet of Macs can be managed with greater ease and effectiveness than the other 10k Windows devices.
Hope this helps. Bottom line is that all your wishes are possible. You simply need to build an infrastructure to support your deployment objectives. Apple is pushing directory-less deployment, and using DEP and a tool like JAMF, you can achieve touch-less deployment. The entire setup is performed by the employee using very simple steps. The user is "in control" of the device but since it is a corporate asset, your MDM maintains sane corporate policy while also being able to distribute software.
Reid
Apple Consultants Network
Author - "El Capitan Server – Foundation Services"
Author - "El Capitan Server – Control & Collaboration"
Author - "El Capitan Server – Advanced Services"
:: Exclusively available in Apple's iBooks Store
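The reply's "lower end tools" route (push over SSH with a common local admin account) and its failure mode (no admin access, so the device needs an MDM agent or a visit) as an added shell example. This is not code from the original post or from any product it mentions; it assumes a hypothetical admin account name in ADMIN, key-based SSH already set up, host keys already in known_hosts (BatchMode refuses unknown hosts rather than prompting), and a plain text host list with one hostname or IP per line. Each host is pre-flighted with `sudo -n true` before anything is copied, so a wrong or missing admin password shows up as "no-admin-access" instead of a half-finished install.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post.
# Push a .pkg to a list of Macs over SSH using one common local admin account.
# Hosts that refuse the login, or whose sudo is not password-less for that
# account, are reported as no-admin-access: those are the devices that need an
# MDM agent (or a visit), exactly the corner the reply describes.
#
# Hypothetical assumptions: $ADMIN exists on every Mac with sudo rights,
# key-based SSH works for it, and host keys are already in known_hosts.

ADMIN="${ADMIN:-macadmin}"
SSH="${SSH:-ssh}"     # overridable so the logic can be exercised without a fleet
SCP="${SCP:-scp}"
# BatchMode=yes: never prompt for a password or an unknown host key; just fail.
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=5"

# Can we log in AND escalate without any prompt? `sudo -n` fails instead of
# asking for a password, so an unknown admin password surfaces here.
preflight() {
  $SSH $SSH_OPTS "$ADMIN@$1" 'sudo -n true' >/dev/null 2>&1
}

# Copy the package to the Mac and install it on the boot volume.
# `installer -target /` must run as root, hence the sudo.
push_pkg() {
  local host=$1 pkg=$2
  local remote="/private/tmp/$(basename "$pkg")"
  $SCP $SSH_OPTS "$pkg" "$ADMIN@$host:$remote" >/dev/null 2>&1 &&
  $SSH $SSH_OPTS "$ADMIN@$host" \
    "sudo -n installer -pkg '$remote' -target / && rm -f '$remote'" >/dev/null 2>&1
}

# Walk the host list and emit one line per host: host<TAB>status
# status is one of: installed | install-failed | no-admin-access
# Blank lines and lines starting with '#' in the host list are skipped.
push_fleet() {
  local pkg=$1 hosts=$2 host
  while IFS= read -r host; do
    [ -z "$host" ] && continue
    case "$host" in \#*) continue ;; esac
    if ! preflight "$host"; then
      printf '%s\tno-admin-access\n' "$host"
    elif push_pkg "$host" "$pkg"; then
      printf '%s\tinstalled\n' "$host"
    else
      printf '%s\tinstall-failed\n' "$host"
    fi
  done < "$hosts"
}

# usage: push.sh Package.pkg hosts.txt
if [ $# -eq 2 ]; then
  push_fleet "$1" "$2"
fi
```

The report is deliberately tab-separated so it can be fed straight back into an inventory: the "no-admin-access" rows are the machines to enrol in an MDM (or to visit), and only the "installed" rows count towards audit compliance. Adding `StrictHostKeyChecking=no` would make the first contact easier but would also silently accept a spoofed host, so the script leaves host-key trust to a pre-populated known_hosts instead.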