- AppLocker: This is a new feature in Windows 7 and Windows Server 2008 R2 that replaces Software Restriction Policies. This features provides the ability to control how (or if) users can access .exe files, scripts, .msi files, and DLLs. You essentially define rules that can be assigned to users or security groups that are based on an applications digital signature, including the publisher, product name, file name, and/or file version. And the good news is that AppLocker's Group Policy foundation requires no upgrade of domain controllers. Existing Windows Server 2003 and 2008 servers can host AppLocker policies.
- BranchCache: Implemented in either a distributed cache or hosted cache format, this feature allows branch offices to reduce the amount of excessive WAN bandwidth usage by providing a copy of the data accessed locally. The first time a user in the branch office initially accesses intranet or file servers, that data is either cached on the user's machine (in a distributed cache solution) or on a server (which must be running Windows Server 2008 R2, although it can run just the Windows Server Core version). Once again, the good news is that BranchCache can run on an R2 Member Windows Server, so no need to upgrade your domain controllers for this feature either.
- DirectAccess: This new Windows 7/Windows Server 2008 R2 feature allows users to connect to their corporate network from anywhere at any time (as long as they have an Internet connection) without connection to a VPN. Yet again, this is a feature that doesn't require R2 Active Directory Domain Services. You do need at least one domain controller running Windows Server 2008 or later.
And there are a host of others that you may be thinking about implementing, including Hyper-V R2, IIS 7.5, scalability, and management features. The majority of these features do not require you to upgrade your domain controllers.
You might be thinking, "What about new Active Directory features!? I want those features!" Well, then yes, that may require one or all domain controllers be Windows Server 2008 R2 versions.