I was wondering if there will be any tighter level of controls on "Authenticated Users"? In the past, an authenticated user can access ldap via ADUC or some other tool, and browse into every domain in the forest. Will there be a way to limit this? thanks

What kind of limitations do you want to enforce, you can prevent AUs in some scenarios but in several casest hey require access for opertions like DNS record registration. Please look at the following white papers to see what operations you can and cannot perform in terms of limiting access: http://www.microsoft.com/downloads/details.aspx?FamilyID=f937a913-f26e-49b5-a21e-20ba5930238d&DisplayLang=en http://www.microsoft.com/downloads/details.aspx?familyid=C0DBEB7E-D476-4498-9F6C-24974FB81F1E&displaylang=en