We have all been in the position of starting a new job at an organization where security has been somewhat lax. Inevitably, while locking the network down, you have to deal with the VPN / dial-up access problem. The first step is to determine who already has access. This is fairly easy to accomplish using LDAP filters.

    (&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))

This filter will show you all of the user accounts that have Allow Access checked...
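One way to run the filter above and turn the result into a reviewable list, as an added example that is not part of the original post. It assumes the ActiveDirectory PowerShell module (RSAT) and a domain-joined session with read access; the 90-day staleness threshold and the output file name are assumptions chosen for illustration.

```powershell
# Added example, not from the original post.
# Assumes: RSAT ActiveDirectory module, domain-joined session with read access.
Import-Module ActiveDirectory

# The filter from the post: user accounts with dial-in/VPN set to "Allow access".
$filter = '(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))'

# Assumption: accounts with no logon in 90 days are flagged for priority review.
$staleAfterDays = 90
$cutoff = (Get-Date).AddDays(-$staleAfterDays)

$report = Get-ADUser -LDAPFilter $filter -Properties msNPAllowDialin, LastLogonDate, whenChanged, Description |
    Select-Object SamAccountName,
                  Name,
                  Enabled,
                  LastLogonDate,
                  whenChanged,
                  Description,
                  @{ Name = 'Review'; Expression = {
                      if (-not $_.Enabled)                  { 'Disabled account still allowed dial-in' }
                      elseif (-not $_.LastLogonDate)        { 'Never logged on' }
                      elseif ($_.LastLogonDate -lt $cutoff) { "No logon in $staleAfterDays days" }
                      else                                  { 'Active - confirm business need' }
                  } }

# Disabled accounts and the oldest logons sort to the top.
$report | Sort-Object Enabled, LastLogonDate | Format-Table -AutoSize

# Assumption: hypothetical output path for the access review.
$report | Export-Csv -Path .\dialin-allowed-users.csv -NoTypeInformation
```

Accounts whose msNPAllowDialin attribute is unset are governed by NPS network policy rather than the per-user setting, so they do not match this filter and need a separate review of the policy conditions.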