Hello, We are using AD2008and we would like to enforce an authentication mechanism per user. e.g.1: user A has a token (OTP) and shall only authenticate using his token e.g.2: user B has a smartcard and shall only authenticate using his smartcard is AD the place to do so? I was thinking about extending the AD schema but in that case I might need to find a DLL which is enforcing this. Any other idea how to fullfill this requirements? thanks M.