The domain accounts are only created if a user can log-in successfully with her windows username and password. Are you sure _all_ of your user accounts are duplicated this way, or could it be that users try to log-on with their windows account first, which have no access rights (but can log-in never the less), and then use their EPiServer account? If this happens behind the covers, it is indeed strange. The LDAP settings have nothing to do with this, the Windows authentication handler is enabled by default, and is the one responsible for creating those domain\user accounts. See the configurable authentication chain technote for an example web.config section where you can disable the windows authentication handler (should not be neccessary though.) Note that you cannot log in using the Administrator account if you disable this in the web.config. /Steve

The real issue is that if i create a user, we can call him user1, and login using the login form i can see the users SID is set to a unique number. Then i create the same user in the domain, hit back to the web, login using the form and all the sudden i have i different SID. This mess things up when you use the User-property... I will read the technote to see if i can solve this issue.

Problem solved. Removing the WindowsAuthenticationProvider was all i needed. Thank you Steve!