Im having a very strange issue with a subset of AD users. The users in question have multiple AD accounts with the same Long name but different short names. When they attempt to login to the Mac , they are either not allowed to login or if they have the passwords to the account set the same they are longed in but with the incorrect account. Is there a way to see any auth logs to see what the mac thinks its trying to login with or to fix this issue ?
That might be the issue. The UID that it derives from AD is the same (there is a default AD attribute it will use as I recall, and your AD might be duping them for the multiple accounts).
I know that in our environment with mapping, if there are two users with the same UID the OS will get confused and sometimes display the wrong name in the menu bar.