I was playing around with another user control yesterday that would allow me to show people who is inside an AD Group. Unfortunately, in the object model (as far as I can tell) there is one function "IsDomainGroup" that can even help out. So that inevitably brought me to use this AD Wrapper that someone created in my company. It will display the group users on a windows app on the server or on an asp .net application on the server in the c:/program files/common files/microsoft shared/web server extensions/12/templates/layouts. When I try to use it off the server it gives me a nasty error message that I do not have permissions to use System.DirectoryServices. So far I have done some googling and I saw an article about how I should change the web.config to full control. This is a no go for security reasons I am not moving from wss_medium. I find these answers unacceptable and I am going to look around for another answer. There are always ten answers to one problem and fifty other steps in between that vary on the process you take. Just remember that when you are working on a problem that is incredibly hard to solve. There is never just one answer.