Are the accounts logging into the Citrix server NT or AD? You can move the Citrix Server to the AD domain no prob. Also, why is the PDC being taken offline? You should promote another server to a PDC and original PDC to a BDC, and then take the server offline. _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Parr Sent: Tuesday, October 04, 2005 1:26 PM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Just a sanity check NT-AD trust We have a few remaining smaller NT domains that are hanging around short while until they too are upgraded to AD for one purpose: to allow a couple of NT Citrix member servers and DB servers that are still in the NT domain which is trusted by the AD domain to authenticate the users logging into Citrix with their AD accounts. The NT-AD trust allows the AD accounts to run on these Citrix servers still joined to the NT domain. Some of the IT folk here believe having one BDC in the NT domain will be sufficient to allow the login-authentication from the trust to work. I would have always assumed that a PDC is better and because a BDC is read only will run into trouble at some point. Is a BDC sufficient to allow trusted AD accounts to login and access resources? I assume best practice was to always have a PDC. Seems to be no point in having a single BDC as is so easy to promote to a BDC. Question is can the NT BDC sufficiently allow the trust to function which was previously setup before the PDC is taken offline so that the trusted AD accounts can logon to Citrix(which is in the NT domain as memb. Server) and access resources? Steve Parr Metroland Printing, Publishing and Distributing Ltd.