Directory Programming .NET

Active Directory and ADAM programming support for .NET developers
Welcome to Directory Programming .NET Sign in | Join | Help
in Search
Home Forums Files Roller
Directory Programming .NET » General Discussions » Active Directory/ADAM LDAP Dis... » Re: Access is denied when create user in Active directory 2008 on window server 2008

Access is denied when create user in Active directory 2008 on window server 2008

Last post 03-17-2010, 10:32 AM by aladin. 2 replies.
Sort Posts: Previous Next

  •  02-04-2010, 1:48 AM 7785

    Access is denied when create user in Active directory 2008 on window server 2008

    Hi All,
    I have a webpage project that can create user in Active directory.
    It works fine with active directory 2003. But on Active Directory 2008 I can not create account through my webpage. It alsway show "access denied". Here is my code:
     using (Aladin.Security.RevertToAppPool.Revert())
                {
                    using (Aladin.Security.ScopeImpersonator imp = new Aladin.Security.ScopeImpersonator(this.administrativeLoginName, this.domainName, administrativePassword))
                    {
                                    using (DirectoryEntry user = ouEntry.Children.Add("CN=" + this.displayName, "user"))
                                    {
                                        this.SetDirectoryEntryProperty(user, "mail", email);

                                        this.SetDirectoryEntryProperty(user, "UserPrincipalName", this.userName);
                                        this.SetDirectoryEntryProperty(user, "sAMAccountName", this.userName);
                                        this.SetDirectoryEntryProperty(user, "userAccountControl", ((int)UserStatus.Enable).ToString());
                                        user.CommitChanges();
                                      
                                    }
                    }
                }
    private void SetDirectoryEntryProperty(DirectoryEntry entry, string attribute, string value)
            {
                if (entry.Properties.Contains(attribute))
                {
                    entry.Properties[attribute][0] = value;
                }
                else
                {
                    entry.Properties[attribute].Add(value);
                }
            }

    These above code run well if I use Administrator account. But it show message acess denied if I use other account which have the same permission with Administrator.

    Can you have me to solve this issue.
    Thanks,
    Aladin

  •  02-04-2010, 3:40 PM 7790 in reply to 7785

    Re: Access is denied when create user in Active directory 2008 on window server 2008

    The best way to troubleshoot this is to access the ouEntry.Properties["allowedChildClassesEffective"] attribute (you may need to load it via RefreshCache first) to see if both users that you attempt to log in with actually do have "user" listed as one of the values in the returned array. This will tell you if you really have the permissions that you think you have.

  •  03-17-2010, 10:32 AM 7970 in reply to 7790

    Re: Access is denied when create user in Active directory 2008 on window server 2008

    Thank You very much for your help.
    I have solved my problem.
View as RSS news feed in XML
© Dunn & Kaplan, 2008