Thanks for the info Mike, very helpful.  I upgraded to the 1.0.5 module and the last login dates are correct now. Still, some users are getting the login popup.

Here are some addtional things I see.  I had both the AD and the DNN authentication type enabled but login controls turned off.  (Now, only AD is enabled). In the logs, I show the majority of users with WindowsAuthentication: True, however, several entries show success without it.  For the users that were getting prompted, one fix was to go into their profile and force a password change.  Previously I had set their DNN passwords to 12345 in an attempt to force an AD resync (did not fix it) then followed that with a force password change. Then the users were then able to login fine.  However, if they logout and go to send themselves a password reminder, DNN sends them 12345.  I'm assuming that when using AD to authenticate, no password info is synced back to DNN?

Also, valid AD groups will still not update DNN role memberships; as I said before, it is actually removing them from any matching DNN roles.   ??

Last, can the remember login and forgot password options be easily turned off?

Thanks again for the replies.

Great thanks! That fixed it. I did the same for the 'Forgot Password' link and that worked as well! And yes, I'm OK with the side effect; if I can get the AD login working properly I will probably NEVER upgrade again.  :)

I've doublechecked the existing users and sent password reminders... the password is either the AD password it had previously synced or the temp password I set it to... it is not getting a random one unless I specifically do a force password change.  The random password may only be being set for first time logins but I don't see it happening for existing users at all.