Hope this helps give some insight to your dilemma:

In my opinion it is always best to use Windows Authentication unless it is absolutely necessary.

Better still, I like to create AD user groups per system/application/database. Usually it involves creating 3 groups. Namely: Admin (db_owner), Read only and Read/Write. In this way if a user needs access to a database they can be allocated into the correct group in AD and nothing further needs to be done inside SQL Server.

The beauty of this is that it reduces your SQL Server maintenance quite dramatically, for example: if a person leaves the company they are removed from AD thus the user is automatically removed from the relevant databases meaning less maintenance to clean up old users etc.

This method also helps to reduce the amount of users that are listed in your database or within the SQL Logins again creating an environment that needs less support.

Another advantage is your SQL Admins do not have to get involved when new users need to be given access to the databases. The AD Admins add the new users into the relevant AD Group, nothing needs to be done within SQL Server at all.