Firstly some tips for those experiencing difficulties, try setting your machine's time settings under "system preferences" to get date and time automatically from the same NTP source as your AD 'PDC emulator' role holder (Domain Controller). Kerboros is quite time sensitive.
for those who cannot get their AD accounts to even begin authenticating, try adding the following under the 'Authentication' tab.
Search: "Custom Path"
add "/Active Directory/domain.name.goes.here"
Now I am staring at a screen telling me my AD administrator account is logging in. I could be waiting for the 36 hours or so mentioned in the article - hope not.
Perhaps someone could answer the following Qs for me.
* Is there some tweak available to stop the machine creating the AD Group Membership Cache?
* Is this going to happen to every user as they log in for the first time? 36 hours will be viewed as excessive login time by my management :)