Greetings! I set up a PDC with samba 3.0.4 and openldap-2.2.14 and use smbldap-tools to populate ldap database. I am able to use the Microsfot's User Manager (usrmgr.exe) to add and delete users. I have a few questions that I hope you can help me with. 1. smbldap-tools maps Domain Admins group to group ID 512. I created domadmins group with ID 512 in /etc/group and added test as a member of this group. After adding user test from usrmgr.exe on a window XP client, test is automatically members of Domain Admins and Domain Users. Now login as test, on the windows XP client and run usrmgr.exe, I cannot open any of the user. It always say "access denied". In sort, I can add/delete user as Administrator but cannot do the same on test although test is a member of the Domain Admins group, seeing from usrmgr.exe. Did I miss anything? There is no sign that test belong to a Domain Admins group from LDAP database. 2. The Administrator cannot read its roaming profiles. usrmgr and pdbedit show its profile is at \\pdc\profiles\Administrator. The directory is empty. What should be the correct protection and do I need some intial entries there? 3. All users, groups, computers, have to have an entry in the /etc/passwd or/and /etc/group first before usrmgr can add or delete them in ldap backend. Why couldn't samba administrating them as well? 4. I thought ldap can manaing NIS but I have not seen, sorry for my ignorance, a document to integrade NIS/Samba-PDC/openldap together. Could someone give me a pointer? Thank you! Thank you. -- Kang Sun