Hello, Sorry for two messages, but I thought it would make more sense to use one message per question. Why do so many (but not all) AD howtos mention LDAP? Without configuring LDAP I can use getent passwd or getent group to see the users in the AD. Is there a benefit to also editing nsswitch to query LDAP? Degbert.