We use active directory groups that match database server groups/roles.
Doing it this way, we just had to create 3 roles/groups on the sql server for our application that are mapped to active 3 directory groups - we needed this groups for different database access rights (Reader / Writer / Admin)
All "user administration" is done now via active directory.
Here is a nice video that explains how it works:
SQL Server DBA Tutorial 52- How to create Windows Group Authentication Login in SQL Server - YouTube
hth
Arnd