Posted on:
Categories: FIM
Description:

​I ran into a few issues working with the System.DirectoryServices namespace. The asp.net application I was troubleshooting provisioned users to Active Directory, created Exchange mailboxes, Lync accounts, assigned permissions etc. Application owners were able to modify user properties successfully but moving a user object to another OU was failing with a generic access denied message. The service account i was using had full rights to the OU structure and the rest of the code worked flawlessly.

Code before:
Before
Code after:

 After

Conclusion:

  • Every “DirectoryEntry” instantiation has to include credentials
  • For binding purposes, the DistinguishedName format has to follow the typical ADSI format i.e. LDAP://mydomain.local/DN