Where do I begin, since there seems to be sundry points of entry into this project. I have been asked to go through all the security groups and redo/restrict access, redesign the shares to include a more efficient DFS system. We also have 3 sites located at branch offices with DCs/DHCP in each. Also been asked to redfine roles - how do I define a role? Do I contact that person and ask them what they do? (would take an eternity) Do I call their boss and run down a list? And one of the largest priorities is that my boss wants the defaut security groups isolated from the locally-created security groups. We are planning on taking all the security groups and putting them in a new container just for our created groups. SO, where do I begin?