Ok. I am trying to "net rpc vampire" from my current AD domain into a ldapsam password backend so I can get the user SID to preserve profiles. I am aware that HKEY_USERS holds that SID as well. In my test environment, the SID for userA in the AD domain when taken from HKEY_USERS and put into userA's ldap entry as sambaSID preserves the profile correctly, also the last digits of the SID for userA are 1007. That same userA has a SID ending in 3018 when pulled from AD using "net rpc vampire". My question is this, is "net rpc vampire" not the way I need to go about getting the correct user SIDs from the current domain's users? I have 100+ users, and it would be nice to avoid looking at each user's HKEY_USER to get their SIDs. I hope this is clear, and thanks for your time & thoughts. Brad