Answering some of these in reverse
I am pretty sure that the default group apply settings do overwrite fields with the empty fields but I’m not 100% on that which is by design. i.e. maybe you want to remove the ad settings on all computers in a group, you’d want it to overwrite with blank fields. I don’t use that plugin, so I’m not sure if that was one of the things it does different or not, it may be. It would probably be moderately difficult to change that in the plugin, but that’s just a guess.
The domain trust issues could be fog related or rather a mix of things. I would suggest double checking your user/password on the group2 domain settings. Sometimes if there is already a computer with the same name a problem occurs, not always as that is something that should be allowed. I would check the
c:\fog.log on any of the machines that are getting the errors. See if there are any error messages when fog joins them to the domain.
The first thing I would suggest trying is disabling the plugin and trying normal groups or just individual hosts for a couple hosts to isolate if the problem is in FOG or in the plugin. I would also double check the quick registration settings in the fog server and double check the default ad settings in the fog server, maybe they are set to group1 and its overwriting things at some point.