I’m not very impressed by the Windows Integration module of Community Server 2.0. It provides simple SSO in a multi-domain AD environment but that’s all it does. I would like to see it pull the email address and display name of the user from AD automatically at very least. Currently, it just defaults to [logonname]@[defaultdomain], where the default domain is specified in the config and does nothing with the display name. This might work in a single domain environment, but not multi-domain.
I’d also like to see roles connected to AD groups, so that I can control access through AD administration. As it is, I have to add people to certain roles within CS. This is made somewhat more ridiculous by the fact that their CS account is only created when they first logon. In one instance I have a restricted blog (which, btw, seems to work well – security is good), so to allow a person to see it, they must first access the site, then let me know they’ve done that so I can add the role to their newly created account, after which they can access the restricted blog.
I think this needs a lot of work.