Hello All, <BR>A client wants me to design an intranet application that uses Active Directory to authorise users of the application on a worldwide network which I guess has a large number of domains. Now Im definitely not an expert in networking and Windows 2000, and I cant seem to find this kind of situtation clearly explained anywhere. <BR><BR>Heres how I imagine it might work: <BR>1. Client browser opens ASP page, code in ASP page creates an object which extracts the domain (checking domains from a preset list), user name and the groups that the user belongs to within their Windows 2000 domain. (without the user having to log on for a second time - as long as they are logged onto Windows on a recognised domain) <BR>2. This info from Windows 2000 is turned into variables to be used by ASP. Using the variables, ASP then controls what the user sees and can do within the site. (using a lookup to a database) <BR><BR>I suspect that this customer is thinking in a directory tree style way - like a static html site might use. Unfortunately, it&#039;s seems difficult to apply this to ASP since one page can do lots of different things depending on which variables you feed in. <BR><BR>Also... within this system, there is a file upload utility, which isn&#039;t too difficult to work out. Only for this, they want to use Active directory to control access priveleges as well. For example if you dont belong to the &#039;Accounting&#039; group on the Windows 2000 domain, you cant upload files. But, as far as I know, if we are using a browser looking at a page served up by IIS, then we can only access that folder as an internet user. Is this right? <BR>Ive already had a look at the article "How to Validate a User Exists in a Windows Domain" - but Im still not so sure. <BR>Can I do this easily with ASP? Is it practical? <BR>Would appreciate any advice! <BR>Thanks!<BR>Greg<BR><BR>ps I posted a similar post on the ASP Q & A - with no replies. The posts are displayed in 1 day intervals, and mine got posted only a few minutes b4 midnight, so I figure nobody bothers looking back a day. I realise cross posting is one of the 7 deadly sins! (this is different I changed it a lil!)