Leave internal admin active on AD bind
If you set SC to authenticate to AD, it disables all "internal" accounts. This is a problem in that if there is an issue with the external authentication you are locked out of the software. With any software like this, there should always be a single built in admin/root account that works at all times regardless of other authentication methods. This allows the sys admin to have a way to service the system in the event of problems.
You should see this issues solved in 6.1.