When you configure ArcGIS Server to use "Windows Domain" as the user store in ArcGIS Server Manager, one of the steps involves specifying the username/password of a domain account. This is how ArcGIS Server accesses Active Directory to get a list of all of the users. I suspect the password expired for the account you used in this process. This prevents ArcGIS Server from being able to authenticate with any domain users and explains why you could only access Server Manager with the primary site admin account.
I can think of only a couple of ways to work around this. One option is to reconfigure the security every time the password expires (or changes) for the account you use. Another option is to talk to your IT dept about creating a domain account for you to use whose password never expires. This is not an option for many companies, though, due to security policies forcing all domain accounts to change passwords on a regular basis.
Do either of you know if there is a bug report for this, and/or if it is fixed in 10.2? I know it still says "Test Connection" in the wizard, which is totally ambiguous. If it really needs that account to maintain the connection to the domain controller, it's doing more than "testing", isn't it?!? I guess it can also depend on the AD group policy, but it certainly seems like a flimsy setup.
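The failure discussed in this thread (the stored domain account's password expiring and domain logins then failing) can be caught ahead of time by watching that account's computed expiry in Active Directory. The following is an added example, not code from the posters or from Esri; the account name `svc-arcgis`, the function name and the 14-day threshold are assumptions, and the sample values are constructed.

```powershell
# Added example: classify a bind account by its msDS-UserPasswordExpiryTimeComputed value.
# Function name, 'svc-arcgis' and the 14-day warning window are hypothetical.
function Get-PasswordExpiryStatus {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [long]   $ExpiryFileTime,   # raw attribute value (FILETIME)
        [datetime] $Now = (Get-Date),
        [int]      $WarnDays = 14
    )
    $expires = $null; $days = $null
    if ($ExpiryFileTime -eq [long]::MaxValue) {
        # Password is set to never expire (FromFileTime would throw on this value)
        $status = 'NeverExpires'
    } elseif ($ExpiryFileTime -eq 0) {
        # pwdLastSet is 0/unset: password must be changed before the account can bind
        $status = 'Expired'
    } else {
        $expires = [datetime]::FromFileTimeUtc($ExpiryFileTime)
        $days    = [int][math]::Floor(($expires - $Now.ToUniversalTime()).TotalDays)
        $status  = if ($days -lt 0) { 'Expired' }
                   elseif ($days -le $WarnDays) { 'ExpiringSoon' }
                   else { 'OK' }
    }
    [pscustomobject]@{
        Account = $SamAccountName; Expires = $expires; DaysLeft = $days; Status = $status
    }
}

# Constructed sample values so the logic can be checked without a domain controller.
$now = [datetime]::new(2024, 1, 10, 0, 0, 0, [DateTimeKind]::Utc)
$samples = [ordered]@{
    'svc-arcgis'   = [datetime]::new(2024, 1, 15, 0, 0, 0, [DateTimeKind]::Utc).ToFileTimeUtc()
    'svc-old'      = [datetime]::new(2024, 1, 2,  0, 0, 0, [DateTimeKind]::Utc).ToFileTimeUtc()
    'svc-noexpiry' = [long]::MaxValue
}
foreach ($name in $samples.Keys) {
    Get-PasswordExpiryStatus -SamAccountName $name -ExpiryFileTime $samples[$name] -Now $now
}

# Against a real domain (requires the ActiveDirectory module):
# $u = Get-ADUser -Identity 'svc-arcgis' -Properties 'msDS-UserPasswordExpiryTimeComputed'
# Get-PasswordExpiryStatus -SamAccountName $u.SamAccountName `
#     -ExpiryFileTime $u.'msDS-UserPasswordExpiryTimeComputed'
```

Run on a schedule, an `ExpiringSoon` result gives time to rotate the password and update the stored credential in Server Manager before domain logins stop working.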