FileVault2 enabled?

as @McLeanSchool mentioned, in my experience it's an AD bind issue - an unbind/rebind will likely do the trick.

Also what kind of accounts local, or mobile that authenticate via AD. if there the latter then is the system connected via ethernet or wifi?

We had the same issue that affected nearly all Yosemite machines. After updating to El Capitan, a good chunk of the issue went away. Subscribing to see if anyone else has a good explanation on what would fix this.

@McLeanSchool - yeah tried unbinding and rebinding the machine to active directory and even unchecked the allow authentication from any domain in this forest to see if a local D.C. Would pick up the account and authenticate quicker.

Only additional thing I can add is that we've got EAP-TLS User based cert authentication on Macs both Wifi and Ethernet got over 150 machines working fine just this one seems to be showing issues.

@JustDeWon - FileVault 2 was enabled but when removed and fully decrypted the issue still persists

@Matt.Ellis - they're automatically created an Admin, Mobile and Managed account

I'd suggest unbinding the computer from AD, deleting the AD machine account from AD directly, then rebinding. Usually rebinding fixes for me, but I've had a few stubborn cases where this seemed to do the trick. YMMV of course.

If your Mac doesn‘t sleep or wake when expected

Does pmset -g custom show sleep value at 1?

We saw a similar issue which turned out to be related to the "Use UNC path from Active Directory to derive network home location" checkbox in the Directory Utility/AD plugin. It wasn't consistant since some folks had this enabled on the AD side. Took a while to figure that out. Once we disabled that, everything sped up on logins for our "legacy" users.

@donmontalvo - checked the sleep settings both Battery power and AC Power are set to 10

@jtrappey - Interesting fix, I tried to disable that setting, rebooting etc and it's still showing symptoms of slow/lagged login after sleep

@mbezzo - Tried the AD unbind/rebind and deleted the object from AD waited for replication etc, still no luck still showing the same symptoms, interesting thing at the moment is I have a macOS Sierra machine in a lab on dev beta 2 and it's showing me the same issue but it's random on that machine, bound to AD, FileVaulted, Casper Built, ADPassMon Enabled on Both Machines, 802.1X Configured on both machines.

man, my suggestions along with @jtrappey's have pretty much always done the trick. Just not sure what else could be going on there! Sorry!

@mbezzo - No worries, pulling my hair out too because I cannot even figure out what's going on, let me open a support req with JAMF and will update if we find a fix

We had a support case open with Apple and they suggested the below. Unfortunately, performing all these actions didn't make the problem go away completely.

Unchecking box for "Allow authentication from any domain in the forest."

Removing the UNC path and profile from user's Active Directory object

They also felt it could be network related. In terminal, when we ran a netstat -a | grep tcp4, we found that after logging in from sleep, it was connecting to a DC thousands of miles away when there were multiple DC's on site.

I guess it depends on how AD is set up.

We've always had this one on in large environments without any issues.

$ dsconfigad -show | grep Authentication
  Authentication from any domain = Enabled

We keep this one disabled:

$ dsconfigad -show | grep UNC
  Use Windows UNC path for home  = Disabled