I have a DNN portal set-up with AD authentication.  Users are not automatically authenticated they must enter their logon information.  The majority of users can log on fine, but there are a handful whose logon fails.  I have checked their AD accounts and everything appears to be in check with those.  I have this portal authenticating against an AD Distribution group.  could this be the problem?  Should I be using a Security Group instead?  Any other possible issues?

TIA

There could be a couple of things. First is password length when logging in manually. By default DNN expects seven characters so if their passwords are shorter then you need to adjust the minimum password lenght in your web.config. Second, I would check the DNN Event Viewer to see if you get any errors logged when they try to login. The last is that they could just be logging in wrong. It could be something as simple as user a / instead of a \ between the domain and their username.

You haven't got it authenticating against a distribution group and the provider authenticates against the domain as a whole and not against particular groups. Where you will run into problems is if you want to do Role synchronization. Because of bug fixes, etc. I had to change the way role synchronization was done and distribution groups will not be picked up. Only security group membership will.

Thanks for the information!

I will look at the impersonation documentation.  But, I'm really stumped as to why only a few people are having issues and not everyone trying to login!

I changed to web.config settings to mirror our AD password requirements. 
I have a script set-up to catch and correct incorrect domain syntax in the username as well as autopopulate the domain if it is left off. 
I have also walked each indvidual through each step while I'm watching and am very confident it is not user error.  
I even had them try different machines to make sure it wasn't a cache issue.

I'll work on the impersonation and see if that helps!

Thanks again!