Additionally, and where possible, I would leave the database with Integrated Security only. I know of very few instances where there is an absolute need to have an SQL Server Login ability. By having all your database user and group management controlled through Active Directory there is absolutely no chance of a SQL Server login being compromised.