Hi guys, i'm trying to setup a samba PDC and was hoping to delegate Admin control to the "Domain Admins" Group. The backend is run off of ldap and there is no root user account in the ldap directory i set my user "james" with the rid ending in -500 i used: net rpc rights grant "TESTING/Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeRemoteShutdownPrivilege SeDiskOperatorPrivilege -U james i get: Failed to grant privileges for Domain Admins (NT_STATUS_ACCESS_DENIED) does the first Admin user HAVE to have uid=0 and be in the ldap directory? if so can i just shove him in and remove him later? and does "the net rpc rights grant" command have to be run on every domain controller or does it right something to ldap so it'll know? Thanks, James