Unable to create new users using Directory services in Windows 200

[Guest]

I am unable to create new users using directory services in Windows 2003
server. But it is possible to create users with ASP.NET applications in
windows 2000.

I am getting "Permission Denied" and the "General access denied error "
error.

Can you please some code samples or solution for the problem.

 

[David Jessee]

the System.DirectoryServices namespace has what you need
the permission denied error comes in because the default WindowsPrincipal
that is used is machine\ASPNET. the ways around it are:

1) in your web.config, change to <identity impersonate="true"/> then the
user can make the changes assuming they have the permissions
2) in your web.config, change to <identity impersonate="true"
userName="domain\usr" password="pwd"/> then the specified account will be
used instead of the ASPNET account
3) go to the microsoft site and download aspnet_setreg so that you can put
the account information for the app in the registry.

I use #3 for everything. Every application that we create runs under a
seperate identity. Your network services group shouldn't have a problem
creating an Applitaion account for you, assuming that you can justify it.