These two issues can be related to group mapping. All users are able to authenticate and fall into the default group, because, by default, a group mapping allows all users into the default group.
In order to resolve this issue, try this workaround:
Choose External User Databases > Database Group Mappings > Windows Database > Default > All Other combinations, and choose No Access.
Refer to the Database Group Mappings section of Administering External User Databases for more information.