sorry - i meant can you query active directory with the ip rather than computer name$_SERVER['remote_host'] and remote user are empty unless sspi actually authenticates. what i'm trying to do at the moment is configure sspi to request the user's logon data, but accept it even if it can't validate it, but thats not working very well either.The internet security software on this network uses active directory to get the username somehow, although i dont have access to it so i can't find out how it does that