FileMaker should authenticate the accounts in the order they are listed, so if the AD account is before the FM account it will authenticate there even if they hold down the shift key. Knowing how users behave, it wouldn't surprise me (if you've allowed them to set their own password) if their FM account not only has the same user name, but the same password as their AD account. Thus the AD account is first in the list and it is getting used even when they manually enter the credentials.
1 of 1 people found this helpful
If the account names match in AD and FileMaker security, then the one that comes first as you read down the list of FileMaker security should take effect. If you want the FileMaker one to take effect first, drag it up above the AD group name and that may fix your problem.
Well, I'll be a monkey's uncle ...
I could have sworn I read somewhere that the authentication order applied only to AD accounts, but there you have it. Thanks.