Hi, Why use the ldapper. see appendix A in technote "security in episerver" on how to configure AD connection. Or this faq: http://www.episerver.com/en/EPiServer_Knowledge_Center/FAQ_EPiServer_4/901/Using-AD-groups-without-the-ldapper/ If you enable EPiServer Logging at Debug level you will get more detailed information on what goes wrong, For example maybe this?: "The trust relationship between the primary domain and the trusted domain failed" http://www.episerver.com/en/EPiServer_Knowledge_Center/FAQ_EPiServer_4/982/The-trust-relationship-between-the-primary-domain-and-the-trusted-domain-failed/ However, if you contact EPiServer Support we can send you a ldap connection test script. Regards Per

Hi

We also have problems like teh one mentioned above. We are upgradi9ng our Intranet from 4.31 to 5 sp2.

We have installed EPi 5 sp2 on our web server, where our current intranet resides (Epi 4.31). The web server is in DMZ and the domain controller is inside on our production network.

After long time of research we have found that: System.Web.Security.ActiveDirectoryMembershipProvider demands that the firewall ports 137 to 139 must be opened (NETBios protocol)? Plus port 88 (Kerberos protocol). Maybe also port 445 (smb protocol)

4.31 has only used port 389 for accessing the AD?

Our network technicians want to know why the ports has to be open. Do anyone have documenattion why the ActiveDirectoryMembershipProvider needs thos ports open? We need that kind of documentation.

Best Regards