Hi friends, I have an application which creates. modifies, reads computer objects in AD using a specific AD service account. This account must have the following permissions: Create Computer Objects Delete Computer Objects Read All Properties Write All Properties Read Permissions Modify Permissions Change Passwords Reset User Passwords Validated write to DNS host name Validated write to service principal name I need to solve a non usual task - I need to substitute a LDAP-request made by this service account with another request. A difference is that the original request is made for a trusted domain. The substitution must look like a request for a resource domain. So that, I need to translate the request from the trusted domain to the resource domain and execute it by a specific account in the resource domain. After that I need to transform the result of execution back to the trusted domain. What do you think, this is possible? For example, using OpenLDAP as a LDAP-proxy.