Hello Timur,

Sorry for the late reply. I was busy with some other projects last weeks. Today and this weekend I will try to spend some more time in solving the problem. I'm curious to see if the 4.3.7 upgrade maybe works better. 
Thanks for your reply about the fix then I can also try that. Fingers crossed ;-)

I finally got the 4.3.7 source setup so that I can debug the athentication and discovered something that I hadn't noticed before. If the site is running in mixed mode then two of the things the ADFix was supposed to do never happens (profiles updated from the AD everytime they login and roles synchronized with the AD on every login). I went back to the 3.3.5 install that we're using on our intranet and discovered that since I commented out the Authentication line in the web.config that the same thing is happening there. I'm going to look at trying to fix it tomorrow if I have time. Basically if you're using mixed mode it's using the signin.ascx.vb instead of the windowssignin.ascx.vb which makes perfect sense. When the login button is clicked the code checks to see if the user already exists in the database. If the user does then it skips over a lot of code and signs the user in. If the user doesn't then it checks the AD Authentication and adds the user if it can. What I'm thinking is after checking if the user exists and finding out he/she does is then checking to see if anything has been setup on the Authentication page and if yes then calling the code Stuart wrote to update the profile and synch the roles. What I'm not sure on what the effect would be if an admin was attempting to use Authentication and either couldn't get it working properly or decided he/she didn't want to use it and forgot to uncheck the Windows Authentication checkbox. I want this to be as seemless as possible so that there doesn't end up being a bunch of strange posts here that don't make sense.