I have been trying to figure out how to move the primary LDAP/PDC server to a system which only acts as the LDAP/SMB PDC. My biggest concern is that I will have to rejoin all the Windows machines to the domain, and also have other DOMAIN related issues. What I have tried is to use the smbldap-installer scripts. Since I am using CentOS5, the script doesn't quite work for installing the correct rpms. It uses the dag repositories. However, I removed the dag rpms and replaced them with rpmforge rpms for those packages. At that point, I had all the required packages installed. Then, I used net getlocalsid on the existing LDAP/PDC to get the DOMAIN sid. I then used net setlocalsid on the system that is to become the new PDC. Finally, I ran smbldap-configure to enter the rest of the information. In particular, I gave the new system the same DOMAIN information. I have run slapcat on the existing LDAP server with the intent of importing everything to the new server, but I have duplicate entries. If I delete the ldif entries from the slapcat'ed file that are the same as what the smbldap-installer script created and then sladadd what is left, this should leave me with a new system that can act as the new LDAP/SMB PDC. I checked the DOMAIN ldif info and it looks the same. I tested with one account, and I can log in on Linux with it. Without activating smb though, I can't verify the Windows login. So, before I do this, I wanted to ask the list if they see anything wrong with this approach, or is there a simpler approach? For instance, I have a slave ldap server running as well. Is it possible to just make the slave become the master, and also make it the PDC server as well? In this case, moving the ldap/pdc is just creating a slave replica and promoting it. I haven't seen any notes on how to do this though. Sincerely, Dave Hopkins