Here are two quirks I have identified.
Because Zimbra can't obtain a userlist from AD to make accounts, there must be a matching "account" in both AD and ZCS . It doesn't matter about the details, just has to have the same primary username, if you want the ZCS to get it's authentication from AD. This is going to be a pain if you are creating and deleting Accounts a lot; this was the whole point of AD/Exchange.
What is a particular pain is that it can't get the contact information from AD. Com'on... what's that all about.
Even if you set the authentication to External. You can still create non-AD users in ZCS as long as you give them Administration rights. I found this odd.
You can authenticate into ZCS with alias names for any ZCS account, even though AD doesn't have aliases. This is kind of cool, but useless. What I'm interested in seeing is if Zimbra Desktop will pick up the OS authentication and just fire up without logging in, the whole point of single sign-on service of Open LDAP or AD.
Surely one of you programmer super-geeks (I'm an uber-geek) can write an extension to ZCS that can keep AD and ZCS users and directory data sync'd.