We have a group of SCCM admin users who perform software packaging.  I have created a custom role which combines package and application and task sequencing for their purpose and it has worked fine for about a month.

The SCCM infra is in a management domain, and the group of users is in another domain, with two way trust.

After a recent scheduled server reboot, we have this issue:

It seems that after a period of time (not sure of interval yet), the status in the SCCM console of the AD group will change to Deleted, at which point none of the users can log into the console.

At first we assumed someone had manually deleted the AD group and recreated it (a change in SID obviously), so deleted the object in SCCM and then re-added the AD group and set the role last Friday. But on checking on Monday morning, the group status has changed to Deleted again, and the users cannot login.

Has anyone else experienced this?

Can someone point me in the direction of what might be the cause or what logs to check?