Does a PDC have to be on the same subnet ? If not how did configure the workstations which are not on the same subnet ...?

Not exactly, but you do have to find a way to route the two subnets together. A good way would be to have two NICs on the PDC, one on each subnet with IP forwarding enabled. Hope this helps.

What's the idea behind this? In a lager subnetted network you might want to place a BDC in each subnet, especially when using WAN connections...

First thank you for your response. The Problem : - i have a group of servers with ip numbers. I have a bunch of desktops which operate on address translation. If i have the PDC on one subnet, the others (either Servers or desktops) can not logon via the PDC, though they both are able to browse. This is all lan based. I have no BDC at the moment. I need one .. yes but can i get all the users to logon to one pdc from two differnt subnets? How... i'm not sure. Tried to set lmhosts.. not working, even with pre and dom settings. All connected via a switch. Jonpaul

Yes, but if each subnet has it's own BDC the it wouldn't have to cross to the other subnet to authenticate. The BDC's would be connected to the PDC thru trust relationships and there would still have to be some sort of routing or WINS\DNS to provide network browsing to the subnets. Also, each location would most likely have a router as well.

There are multiple issues here: 1. Single NT domain or Multiple domains? trusts are only used only when more then one NT domains are involved. 2 Logon When a or more BDC's are used, they do the logon validation; not the PDC 3 Routing is needed when using subnets to be connected to each other... If there's no WAN connections involved,(are all pc's and server's in the same building?) you should consider using only one ip net, no subnets.(how many pc's and servers are we talking about?)

Single domain.... 25 desktops 15 servers sercurity is an issue... The interal subnet is routed through address translation which routes outgoing only traffic. I want the PDC outside of this network to be able to service logons from desktops coming through the Address translation. All ports are open, but they must be opened by the internal computer first. The servers on the outside with the PDC are before another firewall which has te link + webservers. I think maybe the address translation is preventing the diffenet subnets fro using the PDC. But is it possible to route Logon requests. Can 2 subnets with no firewall + using WINS process the logon? Jonpaul (I have wins also on the PDC. Small company..... ) Thanks for the responses...