I want to, amongst other things, qury our Active Directory server for passwords. So use 389 as a directory server (using NIS scheme and netgroups) with AD passwords. Problem is... our AD uses usernames of First Last and a kerberos principle of first.last. Where as the unix (linux, AIX, HPUX, Solaris) boxes use 8char usernames. The password sync stuff I've seen isn't very clear. Does the AD samAccountName have to be the same as the unix username? Or is there somewhere on 389 or on AD where I can do a lookup? This http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Admin... seems to say there's a field ntUserDomainId that would do that job, is that used in the sync? Is there any documentation on setting this up? Zebee