I searched for days on this topic myself and never found an answer, so I wanted to post my findings here to help someone else out.

Almost a year ago, people were talking about Server 2008, and how AD authentication didn't work properly.  So, I set up a new 2008 R2 server, installed DNN, it worked good.  So, I then installed the Active Directory Authentication Provider, and that too worked flawlessly.  I did that to prove a point that you didn't need all the fancy configurations that set the server back in IIS6 mode, and you didn't need the kludge of Impersonation to get it working.

So far, so good.  I deleted that server after awhile, because we were still running DNN on another server and I wasn't prepared to migrate over...

Last week, I finally did the change over to an 2008 R2 server.  Since our DNN install was on a seperate SQL server, I was able to just copy over the files and it started working.    I had to do a litlte bit of configuring with the AppPools and and permissions, but all-in-all I got it over and running on the new server pretty quickly. 

All was working that is, except the AD authentication, which was quite annoying because I had it working a few months earlier.  I played around with it a bit, and discovered that I could log into the server manually, so I knew it was configured properly.  I tried the WindowsSignIn.aspx link, and was able to log in that way, but I could not get it to automatically log in no matter what I did.  I searched all over the Internet, in this forum, etc.  Nobody had a good answer on this.  I tried every suggested configuration, even the impersonation, nothing helped.  Finally, I noticed that every time I made a change in IIS, it modified the web.config file with the changes.  I didn't realize that IIS did that, so I played around with it a bit with various settings, and got it all working.

So, to get it working...
-No impersonation is needed.
-You don't need to use the .Net Classic or Default AppPool, you can create your own if you want (must the v2.0 or higher framework)
-The AppPool can be set to use any identity you want, as long as that identity has proper permissions to the DNN folder.
-The AppPool "has" to be set on Classic Mode (not Integrated) to have auto-login work properly.

Summary: The reason I could not get these settings working was because IIS kept modifying my web.config file!   It didn't seem to matter what setting I had, even if they were the right ones, because the web.config file was modified.  Those changes never took effect, or conficted with other changes, leaving the web.config in a big mess.   To fix it, I had to change the IIS settings first, and then copy over a clean copy of the web.config file to get it working.

Hope this post helps someone else that runs into this same problem...

Finally got a chance to test this Dan. Worked like a charm for me. Thanks.

Mike,

I am sure you saw my other post from earlier. This is me poking away at it more. I found this and it initially seemed promising. I did reinstall DNN and reconfigured everything. Like the other poster here indicates, I can manually login using Windows Authentication from the home page's Login link or using desktopmodules/authenticationservices/activedirectory/windowssignin.aspx. Like the other guy, I know AD Auth works. I took his advice and changed the app pool to Classic.net at the web site level (basic settings) but when I go to the main site, I get a DNN page telling me the site is unavailable. When I go to /windowssignin.aspx I get a 401 Unauthorized. Changing the app pool back to 'Default Web Site' brings me back to normal.
What am I missing here?

Thanks,

Mike S