Hello,

My apologies for my English and for not being 100% formal in my words; I'm a systems engineering student (I'll do my best).

My name is Nicolás Guerra, I'm from Uruguay, and I work at ASSE (administration of state health services) http://www.asse.com.uy. This enterprise serves half of the population of my country (1.5 million clients, thousands of employees and thousands of PCs connected to the network).

Until now, PCs were only connected to the network, with local users such as (username: user, passwd: user), sometimes using some samba shares on separate servers with different usernames and passwords for employees for each server. We are far away from what it should be, but we are working on that.

One year ago I started working with a PDC, and joining WindowsXP, Windows7, Windows 8, Ubuntu 10.4 (until the newest one), and OpenSuSE 12.1 (until the newest one) to the domain. I have a master openLDAP server and a replicated openLDAP server. I must say that it works like a charm.

I'm working with a replicated openLDAP and a storage server (samba, nfsserver...) that allows Linux to work by mounting NFS and authenticating with LDAP, and Windows speaks with samba (all OK).

I am finishing configuring one building (one portion of the enterprise), and my next goal is to configure other buildings (I'm not configuring the building itself, but the PCs within it :-)).

The idea is to configure another storage server with another replicated openLDAP for every building, so in every building of the enterprise we need a pair of those (one samba, storage, nfsserver; and one replicated openLDAP server).

Now my problem is: I was thinking of other PDCs, other domains, one domain for each building. I was googling and I read this:

http://samba.2283325.n4.nabble.com/one-ldap-server-and-multiple-samba-PDC-domains-td2447669.html

Andrew B. wrote: "I strongly suggest running a single domain for a single organisation, backed by a single LDAP server (or replicated set of LDAP servers)."
I have no "clean idea" of what I need. Maybe you can suggest some reading, or some ideas of where I should start in order to make the correct decisions in order to grow with this.

This has to be highly scalable; in the end there will be thousands of computers and thousands of employees, and I don't want to screw it all up.

Now I'm working with virtual machines, simulating different domains. I'm having problems with permissions and the domains' sambaSID. I can't make Windows join the second domain. I don't know if the LDAP entries should be isolated between the domains' entries, like:

masterldap----|----|----|
              A    B    C

and smbldap-populate all 'A' 'B' 'C' from different domains, SID, etc., where A is one building with storage, samba, replicated openLDAP (only a replica of A), B is another building with storage, samba, replicated openLDAP with 'B', the same with 'C', and so on.

I thank you, and I hope you can help me make the best decision.

Regards,
Nicolás.