I ran into a few issues working with the System.DirectoryServices namespace. The asp.net application I was troubleshooting provisioned users to Active Directory, created Exchange mailboxes, Lync accounts, assigned permissions etc. Application owners were able to modify user properties successfully but moving a user object to another OU was failing with a generic access denied message. The service account i was using had full rights to the OU structure and the rest of the code worked flawlessly.
- Every “DirectoryEntry” instantiation has to include credentials
- For binding purposes, the DistinguishedName format has to follow the typical ADSI format i.e. LDAP://mydomain.local/DN