We have set up AD Groups for GIS editors in order to allow them to edit a group of feature classes stored in a feature dataset. We've created Logins and Users in SQL (SQL Server 2012) which tally with the name of the featuredataset. I have set the privileges at the featuredataset level in ArcCatalog.
We give editors access to the edit version of our the geodatabase through layer files (created from a Windows Authentication SDE connection file. For one editor in one AD group this is working well. But I have an issue with another user in a different AD group. This other AD group contains two users plus myself and a testuser, one user and my testuser (and me as admin) can edit through the layer file but one user can't. I've checked and rechecked everything several times so cannot work out why one user loads the layer file and gets a red exclamation mark, so it's not even pulling the data from the version into ArcMap. All our GIS users have read only access to the geodatabse through layer files and the user can see the data in those, and this user is able to see data as read only, which means the connection to the default database is fine. It appears that the WinAuth connection which should give the editable access to a version of the default is not working.
I ran event profiler in SQL and compared to a test user with the same AD group membership and can see differences in the event items. One event shows a connection to the vesion.sde and the other doesn't. I can't figure out how to resolve this issue. Does anyone have any suggestions?