Active Directory Domain Services in Windows Server 2008 R2 supports a new forest functional level. I am not sure if all of the features described here require the R2 functional level. I will try to find out more about this issue soon. The better PowerShell support is probably the most important enhancement. However, my favorite new feature is the new Recycle Bin.

PowerShell Cmdlets

They replace the current Active Directory command-line tools. There are about 85 Active Directory-related PowerShell cmdlets.

Active Directory Administrative Center

The Active Directory Administrative Center is a new task-oriented user interface for the Active Directory Services. You can perform similar tasks as with the Active Directory Users and Computers console (ADUC). It is based on the new PowerShell cmdlets and displays the PowerShell commands that correspond to the tasks performed with the GUI.

Recycle Bin

Accidentally deleted Active Directory objects can be restored from the Recycle Bin. (Requires R2 functional level)
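
As an added example (not from the original post), this is how a restore from the Recycle Bin can be done with the Active Directory PowerShell cmdlets mentioned above. The function name Restore-DeletedAdUser, the domain contoso.com and the account jdoe are assumptions made for illustration.

```powershell
# Added example. 'contoso.com' and 'jdoe' are constructed placeholders.
# Enabling the Recycle Bin is a one-time, irreversible forest-wide change:
#   Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
#       -Scope ForestOrConfigurationSet -Target 'contoso.com'
Import-Module ActiveDirectory

function Restore-DeletedAdUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Restrict input to characters valid in a logon name so the value
        # cannot alter the filter string built below.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[\w.\-]{1,20}$')]
        [string]$SamAccountName
    )

    # The feature only reports a scope once it has been enabled, which in
    # turn requires the R2 forest functional level.
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    if (-not $feature -or $feature.EnabledScopes.Count -eq 0) {
        $mode = (Get-ADForest).ForestMode
        throw "Recycle Bin is not enabled (forest mode: $mode)."
    }

    # Deleted objects are hidden unless -IncludeDeletedObjects is given.
    $filter = "sAMAccountName -eq '$SamAccountName' -and isDeleted -eq `$true"
    $deleted = @(Get-ADObject -Filter $filter -IncludeDeletedObjects `
        -Properties lastKnownParent, whenChanged)

    # Refuse to guess when the name matches zero or several deleted objects.
    if ($deleted.Count -ne 1) {
        throw "Expected exactly one deleted object, found $($deleted.Count)."
    }

    $obj = $deleted[0]
    $action = "Restore to $($obj.lastKnownParent)"
    if ($PSCmdlet.ShouldProcess($obj.DistinguishedName, $action)) {
        # Restores the object to its last known parent container.
        Restore-ADObject -Identity $obj.ObjectGUID -PassThru
    }
}

# Dry run: shows what would be restored without changing the directory.
Restore-DeletedAdUser -SamAccountName 'jdoe' -WhatIf
```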

Offline Domain Join

Admins can automate the joining of a Windows 7 machine to a domain during deployment with an XML file. The target computer can be offline during the deployment process. The tool that is used to join the domain is djoin.exe.

Managed Service Accounts

If the password of an account that is used as the identity for services is changed by an admin, the managed service account feature will update all services automatically. (Requires R2 functional level)

Authentication Assurance

Authentication Assurance provides an authentication mechanism that allows administrators to map specific certificates to security groups using certificate policies. Users logged on with a smart card, USB token, or some other type of certificate logon method can be distinguished in this way. This feature can be used to grant external users access to corporate resources using Active Directory Federation Services. (Requires R2 functional level)

Sander Berkouwer described the new Active Directory features in more detail.