Setting up a new Community Server 2.1 with Windows Authentication Module is easy. However, configuring the admin users to link to a local or AD group proved tricky. I discovered the answer on the CS form, basically the user is given the admin role when the account is created if they are in the group specified by adminWindowsGroup. If they are not in the group at the time of creation adding the user later won’t work. In CS 2.1 you can now delete a user (which is ok for a new site, where the user has no content). Otherwise your only option is to manually assign the user to the admin role.
Update: Another thing to note, setting adminWindowsGroupIsSystemAdministrator to “false” means the members of the built-in adminitrators group will not be admins on the site – only the group specified by adminWindowsGroup. Set it to “true” and you get both groups.