http://forums.asp.net/93.aspxQuestions about Active Directory and other directory stores, such as those accessible via LDAP, are appropriate here.enCommunityServer 2007 SP1 (Build: 20510.895)http://forums.asp.net/thread/3257961.aspxThu, 25 Jun 2009 14:08:09 GMT4c671506-2930-414c-a40b-8bf57ded5924:3257961TomRobTomRob0http://forums.asp.net/thread/3257961.aspxhttp://forums.asp.net/commentrss.aspx?SectionID=93&PostID=3257961<p>Hello,</p><p>it would be nice if someone could help me get on the right track, as I&#39;m new to AD development.</p><p>We have a technical AD user on a host that we use to write to Exchange on that machine.</p><p>The problem is that in the audit log we only see the technical user, not the client who made changes (For instance, &quot;last change&quot; when </p><p>creating a contact in Outlook)</p><p> We also have an application server (i&#39;m hoping I can treat it as relay) sitting in between so the setup is:</p><p><br /></p><p>AD &lt;-&gt; Exchange &lt;-&gt; AppServer &lt;-&gt; Client<br /></p><p><br /></p><p>(&quot;&lt;-&gt;&quot; represents network connection)</p><p>The client app is logged in at the AD machine with Kerberos, so I can get a valid Token.</p><p>The technical user lives on the Exchange side.<br /></p><p><br /></p><p>Could I simply marshal the WindowsIdentity from the client to the AD server, and then Impersonate there?</p><p>Or would I need to use AD delegation? <br /></p><p>I thought about an even simpler solution, if possible. Could the technical user not just change access attributes?<br /></p><p><br /></p><p>What do you think? Thanks for your opinions!<br /></p><p><br /></p><p><br /></p>