"JIM.H." <JI**@discussions.microsoft.comwrote in message
news:73**********************************@microsof t.com...
Accessing AD in ASP.Net
1. It sees I can I access Active Directory catalog from asp.net, is the
version of AD important for this?
Not usually. So long as you're using ASP.NET 3.5, you'll be able to query
all existing Active Directory catalogs...
2. Do I need to have a domain user for that or IIS will be accessing it?
Yes. The default account under which ASP.NET runs normally does not have
sufficient privilegs to be able to query Active Directory. However, any
domain user account usually does. You might want your web app to run under a
domain user account via impersonation, or just the subection which queries
AD - there are dozens of articles on the web about running ASP.NET under
different accounts to gain (temporary) access to more privileged
resources...
3. If I need to create a domain user, doe sit have to be domain admin?
Doesn't need to be a domain admin just to query Active Directory. However,
actions which involve writing to Active Directory usually require more
elevated privileges than come as standard with a domain user account.
Impossible to tell in your particular case without knowing how your network
security has been configured...
4. How can I restrict this user’s access only for read for only AD access?
Generally speaking, a domain user account will have read access to AD
only...
You might get a better response if you post in:
microsoft.public.adsi.general. Basically, anything Joe Kaplan tells you can
be taken as gospel...
--
Mark Rae
ASP.NET MVP
http://www.markrae.net 
