Hi,

I'm trying to pull user info from a student domain. I can pull a user's info from a primary domain OK, but not from the domain (student) that trusts the primary domain. Let's say the primary is staff and the secondary is student. Student trusts staff, but staff does not trust student.

    /usr/bin/net ads search "(&(objectCategory=person) (sAMAccountName=foo))" -P -I 192.168.0.2

The command tries to pull out the user's LDAP account info. I'm interested in seeing if the user's account is locked or not (514 or 512). It works on the staff domain for staff users, so I know the syntax is OK.

Any way of doing this? The error back is clock skew; I will check the server times tomorrow.

I'm using Mandrake Linux 10.1, Samba v3.0.2a, ADS server 2003K SP1, ADS and Kerberos mode.

Is there a simple Samba command that will lock or unlock a user's account?

Thanks
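Decoding the 512/514 values mentioned in the post, as an added example that is not part of the original message: the script reads `attribute: value` lines and interprets the `userAccountControl` bit flags. The sample output and the function names are constructed for illustration, and the input layout is an assumption.

```shell
#!/bin/sh
# Decode userAccountControl from LDAP search output ("attribute: value" lines).
# Flag bits of the Active Directory userAccountControl attribute:
UAC_ACCOUNTDISABLE=2     # 0x0002
UAC_LOCKOUT=16           # 0x0010
UAC_NORMAL_ACCOUNT=512   # 0x0200

# Constructed sample standing in for search output (assumed layout).
sample_output() {
cat <<'EOF'
sAMAccountName: foo
userAccountControl: 514
EOF
}

# Print the first numeric userAccountControl value found on stdin.
uac_from_output() {
    sed -n 's/^userAccountControl:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' | head -n 1
}

# Print a summary of the flags set in a decimal userAccountControl value.
uac_state() {
    case "$1" in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    state=""
    if [ $(( $1 & $UAC_NORMAL_ACCOUNT )) -ne 0 ]; then
        state="normal"
    fi
    if [ $(( $1 & $UAC_ACCOUNTDISABLE )) -ne 0 ]; then
        state="$state disabled"
    else
        state="$state enabled"
    fi
    if [ $(( $1 & $UAC_LOCKOUT )) -ne 0 ]; then
        state="$state locked"
    fi
    echo "${state# }"
}

# Run against the constructed sample.
uac_state "$(sample_output | uac_from_output)"
```

514 is 512 plus the ACCOUNTDISABLE bit, so it marks a disabled account; a lockout is a separate flag (16).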