When you connect to SQL using a Windows group, you cannot define a default schema. It is greyed out. This means that if you want everyone to be in a specific schema, you can't do it by default. When users connect through membership in a Windows group, SQL will automatically create a separate user (mapped to the AD account), and a schema of the same name. So say you belong to the 'DBA' group in AD, and that group has rights in testDB. When you connect for the first time, SQL will create a user in testDB called domain\username and map its default schema to domain\username as well. This causes you to have tons of user accounts in your DB that you have no use for, because you're supposed to be connecting through your group 'DBA'.
The best practice from Microsoft told us to use Windows security, and this issue has lasted for almost two years without an easy fix.
If you told us to do things in a certain way, you need to give us the tools to do it. The BUG is very disappointing for DBAs trying to implement the best practice.
An extensive forum has discussed this issue at length and is located here: http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=159533&SiteID=17
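
To audit a database for the stray accounts described above, the following read-only T-SQL query (an added example, not part of the original report) lists Windows users that have no server login of their own and that own a schema with the same name. It uses the `testDB` name from the report and the standard catalog views `sys.database_principals`, `sys.schemas`, `sys.server_principals` and `sys.objects`; the output column aliases are chosen here for illustration.

```sql
-- Added example, not from the original report. Read-only.
-- Run as a login that can see all server principals (for example a sysadmin);
-- with limited metadata visibility, sys.server_principals hides other logins
-- and the query would over-report.
USE testDB;  -- database name taken from the report

SELECT
    dp.name                AS user_name,        -- e.g. domain\username
    dp.default_schema_name AS default_schema,
    s.name                 AS owned_schema,
    dp.create_date,
    -- 0 means the schema is empty and the user/schema pair is pure clutter
    (SELECT COUNT(*)
       FROM sys.objects AS o
      WHERE o.schema_id = s.schema_id) AS objects_in_schema
FROM sys.database_principals AS dp
JOIN sys.schemas AS s
      ON s.principal_id = dp.principal_id       -- schema owned by this user
     AND s.name = dp.name                       -- and named after the user
LEFT JOIN sys.server_principals AS sp
      ON sp.sid = dp.sid                        -- matching server login, if any
WHERE dp.type = 'U'                             -- Windows user (not a group)
  AND sp.sid IS NULL                            -- access came via a group, not a login
ORDER BY dp.create_date;
```

Rows with a non-zero `objects_in_schema` need their objects moved to the intended schema before the user and schema can be dropped.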