Of course you need to have the same SID as it is the sid of the domain. I think that just copying over MACHINE.SID and making the second server regenerate the secrets.tdb from it (or simply compying also the secrtes tdb) will make the two machines show the same SID and thus being controllers of the same domain. Simo. -- Simo Sorce ---------- Una scelta di liberta': Software Libero. A choice of freedom: Free Software. http://www.softwarelibero.it