I am cross-posting this to the Active Directory Authentication Integration support and the Network Privacy support, as the problem exists only when both are active.
I have a multisite installation of WordPress 3.4.2 with the Active Directory Authentication Integration plugin (v0.6) and the Network Privacy plugin (v0.1.3).
The main site (which basically houses a list of sub-sites) (i.e. mysite.com) is set with ADAI to allow any AD user to log in. The Network Privacy plugin is set to only show the site to site subscribers (or above). This works well to allow all faculty/staff/students to access the list of available sites.
Each sub-site is locked down to a particular AD group (department, class, etc.). For example, site mysite.com/test1 is set to only allow logins from the group "ITsupport" (and maps that group to "editors" for the test1 sub-site) and Network Privacy is set to allow site subscribers (and above) to access the site.
AD login works well, but I am having the following problem when I have Network Privacy installed:
UserA is a member of ITSupport in AD. He has never logged in to mysite.com or the mysite.com/test1 sub-site. When he goes to mysite.com, Network Privacy kicks him to the login screen, where he is able to successfully log in with his AD credentials, because he is a member of the "Domain Users" group that is allowed to mysite.com via ADAI. So now he is logged in to the WordPress Network. However, if he now goes to mysite.com/test1, Network Privacy does not let him in. Looking at the back end, this attempt to access mysite.com/test1 has not triggered ADAI's function to create the user/role for this sub-site.
If UserA logs out of mysite.com and goes directly to mysite.com/test, he is able to log in (ADAI creates the user/role on the sub-site) and he doesn't have a problem with mysite.com/test1 in the future. He still has the same problem with any other sub-site that he has not DIRECTLY logged in to.