I have a few Xserves running as file servers in an Active Directory environment. The golden triangle approach has worked great for me: http://www.bombich.com/mactips/activedir.html. I set mine up following those directions exactly, and here are my experiences:
I do get a password expiration notification when I log in as an AD user. I would say pay special attention to the Kerberos part of the Golden Triangle approach. The key most people miss is sudo dsconfigad -enableSSO.
I think the Kerberos part above would also fix this. Works both ways for me.
What I've done a few times is use Boot Camp to create a physical Windows environment, join that to AD, then let them run it via VMware Fusion from OS X if they wish.
I have a Windows server, and feel your .DS_Store pain. However, this command helps: defaults write com.apple.desktopservices DSDontWriteNetworkStores true
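As an added example (not code from the thread or from the Bombich document): the defaults write above is a per-user preference, so it has to be set for each account that browses the share, and it only stops Finder from creating new .DS_Store files; the ones already sitting on the share stay there. This script wraps the preference write, a read-back check, and a purge of existing .DS_Store files under a mount point. The mount path /Volumes/share and the apply/purge subcommand names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread: set and verify the
# DSDontWriteNetworkStores preference for the current user, and clean
# up .DS_Store files already present on a share. Paths are assumptions.
set -u

# Write the per-user preference the post above refers to. It only affects
# the account that runs it, so run it as each user (or from a login script).
disable_network_ds_store() {
    defaults write com.apple.desktopservices DSDontWriteNetworkStores true
}

# Returns 0 if the preference reads back as true for the current user,
# 1 if unset/false, 2 if 'defaults' is unavailable (not on macOS).
network_ds_store_disabled() {
    command -v defaults >/dev/null 2>&1 || return 2
    val=$(defaults read com.apple.desktopservices DSDontWriteNetworkStores 2>/dev/null) || return 1
    case "$val" in
        1|true|TRUE|yes|YES) return 0 ;;
        *) return 1 ;;
    esac
}

# Dry run: count .DS_Store files under a path (e.g. a mounted share).
count_ds_store() {
    find "$1" -name .DS_Store -type f 2>/dev/null | wc -l | tr -d ' '
}

# Delete existing .DS_Store files under the path and print how many were
# removed. The preference does not touch files already on the share.
purge_ds_store() {
    n=$(count_ds_store "$1")
    find "$1" -name .DS_Store -type f -exec rm -f {} +
    echo "$n"
}

# Usage: script.sh apply        (set + verify preference, macOS only)
#        script.sh purge /Volumes/share   (remove existing .DS_Store files)
case "${1:-}" in
    apply)
        disable_network_ds_store
        if network_ds_store_disabled; then
            echo "DSDontWriteNetworkStores is set for $(id -un)"
        else
            echo "preference not set; are you on macOS?" >&2
            exit 1
        fi
        ;;
    purge)
        [ -d "${2:-}" ] || { echo "usage: $0 purge /Volumes/share" >&2; exit 1; }
        echo "removed $(purge_ds_store "$2") .DS_Store files under $2"
        ;;
esac
```

Run the purge from the Mac side with the share mounted, not on the Windows server itself; the find is plain POSIX, so the same functions work on any Unix box that can see the share.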
At the top window of Directory.app, you can select "People" to filter out the junk.
Active Directory provides the username and password, as well as some group memberships and user policies. AD only targets Windows users. I don't have admin rights on Active Directory. I have to get permission to join my Xserves to the domain. I have no ability to modify the AD schema at all. If I want to extend certain OS X specific policies to my Mac users, I can do so via my Open Directory master. The Bombich document explains how.
TRANSFER TO A THIRD PARTY.
a. Software Other Than Windows Anytime Upgrade. The first user of the software may make a one time transfer of the software and this agreement, by transferring the original media, the certificate of authenticity, the product key and the proof of purchase directly to a third party. The first user must remove the software before transferring it separately from the computer. The first user may not retain any copies of the software.