Do I need Write access in AD users and computers for a group and certain user accounts to update the AD account object in my code?

Hi,
I'm using VS2012, asp.net and C#.
I right click for property in AD U&C snapin on certain users and security group(user group) and I don't see the service account id that I'm using has write access to them.  Do I need to request our network admin to grant that service account that access before I can use ldap to update those account attribute information?
Thank you.
lapuccaAsked:
Who is Participating?
 
Neil RussellConnect With a Mentor Technical Development LeadCommented:
To make any changes inside AD you need to have the account delegated the correct permissions by a domain/Enterprise admin.
Otherwise Anybody could just change what they like, not a good move.
0
 
Ben HartConnect With a Mentor Commented:
If you are making changes to an object within AD for any reason or using any method (such as code) you will need the appropriate permissions. If you know the level of access you need and if it's on specific items such as an OU, or Security Group then your admin can delegate down to a fairly granular level without giving your code more rights than it needs.
0
 
lapuccaAuthor Commented:
Thank you.
0
All Courses

From novice to tech pro — start learning today.