What I am looking for is a way for an application on NT to be able to verify a username/password against a PDCs ACL. Preferably straight forward API/code. The application must NOT have to have "special privaledges", i.e. I don't have to give it "act as part of operating system" or anything like that. Running while logged in as a Adminstrator or Domain Administrator should be sufficient. As well, it CANNOT rely on an outside source for validation (i.e. testing of success/failure for mapping of network drive, etc.) If Testing against a PDC is not possible, how about testing against the server that it is currently running on's ACL. THANKS!!!