Writing to AD using LDAP/C#

Hello,
The Following link may help
http://msdn2.microsoft.com/en-us/lib...25(VS.71).aspx

Regards,
Husam Al-A'araj

"Robert Iver" wrote:

Hello,

I am developing an application in C# using VS .NET 2005 that
will be accessing and updating Active Directory via LDAP. So, far I
have written the main portions, but now I am stuck on the code to
CHANGE and ADD/DELETE entries.

I'm pretty sure my problem is security related, but I can't
quite narrow it down. I bind to the root of the AD domain using an
account that is a Domain Admin on the AD server itself, HOWEVER....
the actual application is running on a user's workstation presumably
as the local system account.

Is there a way to "impersonate" this domain admin user like you
can in ASP.NET applications? I can do everything I want to do with AD
except CHANGE it in any way.

Thanks in advance for your help.....

It may not. The OP is asking about LDAP. The link you give uses WinNT:

<quote>
"This walkthrough used the WinNT service provider for Active Directory.
Other services are available, including the Lightweight Directory Access
Protocol (LDAP), the Novell NetWare Directory Service (NDS), and the Novell
Netware 3.x service (NWCOMPAT). Each provider provides a different set of
objects to allow you to examine and manipulate directories."
</quote>

If the OP is binding using a domain admin account, his code should work - at
least as far as security is concerned. What error messages are being
returned? Programming AD is a nightmare. There are so many things that can
go wrong. For a start there are three ways of accessing attributes when
using LDAP:
* Using the managed DirectoryEntry object
* Using the ADSI COM object wrapped by the DirectoryEntry object by calling
Invoke() on the DirectoryEntry object
* Using the wrapped COM object directly by obtaining it from a
DirectoryEntry object

Some attributes require one way: some require another. Or so it seems to
us.

Additionally, it seems that additions/alterations have to be made in some
specific, but unspecified in the documentation, order.

And finally, it seems that these requirements are different depending on
whether or not you are adding or updating an entry.
Peter

"Husam Al-A''araj" <Hu**********@discussions.microsoft.comwrote in message
news:4C**********************************@microsof t.com...

Hello,
The Following link may help
http://msdn2.microsoft.com/en-us/lib...25(VS.71).aspx

Regards,
Husam Al-A'araj

"Robert Iver" wrote:

>Hello,

I am developing an application in C# using VS .NET 2005 that
will be accessing and updating Active Directory via LDAP. So, far I
have written the main portions, but now I am stuck on the code to
CHANGE and ADD/DELETE entries.

I'm pretty sure my problem is security related, but I can't
quite narrow it down. I bind to the root of the AD domain using an
account that is a Domain Admin on the AD server itself, HOWEVER....
the actual application is running on a user's workstation presumably
as the local system account.

Is there a way to "impersonate" this domain admin user like you
can in ASP.NET applications? I can do everything I want to do with AD
except CHANGE it in any way.

Thanks in advance for your help.....

I am developing an application in C# using VS .NET 2005 that

>will be accessing and updating Active Directory via LDAP. So, far I
have written the main portions, but now I am stuck on the code to
CHANGE and ADD/DELETE entries.

Can you show us some code that attempts to update your AD? Maybe it's
something else entirely... Try to limit your posting to just the
relevant pieces of code (no fluff around it), and please also try to
spell out all LDAP paths etc. that you're using - we can't look into
your variables listed in your code - thanks!

Marc