Here's a picture of one of the errors with some of our testing around.
Basically the ideal scenario is that our AD logins would have the ability to read and write to their own keychain hosted on our network storage, and that our computers would be smart enough to know to access this network-housed keychain, rather than trying to access the local keychain.
https://drive.google.com/file/d/0B0rUGnLS3aQJTUUtVGdMX3VTOHpJcUM2Sm0tbUZjSFVVSjhJ/view?usp=sharing
Thanks in advance for any help on this