Last post Feb 20, 2014 10:35 AM by Username already in use
Feb 18, 2014 01:16 PM|Username already in use|LINK
I found strange issue: when I try delete some object from AD using ADSI Edit - it works fine, but when I am trying to delete it programmatically, I get error message that states that I have no permissions for that. I checked my credentials for Ldap connection
- they are correct. Are there any special considerations for access from code? Could it be some domain configuration error?
Thanks in advance
Feb 18, 2014 01:21 PM|Username already in use|LINK
If it matters, this object is password settings object and it was created programmatically in same way, when I check owner of this object it is me.
Feb 19, 2014 01:45 AM|Starain chen - MSFT|LINK
Thanks for your post!
According to your description, I would like to know the details as follows:
On the other hand, about Creating and Deleting Objects, please refer to:
Feb 19, 2014 05:14 AM|Username already in use|LINK
DirectoryOperationException message is "The user has insufficient access rights." and DeleteResponse.ErrorMessage is "00000005: SecErr: DSID-031520B2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0", ResultCode is InsufficientAccessRights.
Feb 19, 2014 05:17 AM|er_abhi|LINK
Looks like the user under which the application is being run has insufficient priviledges.
Feb 19, 2014 05:57 AM|Username already in use|LINK
It looks so, but to be sure that my code works on behalf of me, I tried explicitly pass NetworkCredential with my login and password to LdapConnection (They have higher priority, correct?) and got same behavior. So if my software connects to AD with my account credentials
and ADSI Edit runs under my account, why in ADSI Edit I can delete object, but using my application - not?
Feb 19, 2014 10:23 PM|Starain chen - MSFT|LINK
Please provide the detail code to us.
This link may benefit you:
Feb 20, 2014 10:35 AM|Username already in use|LINK
Thank you for your help, Starain chen.
It was a problem with missing permissions. It seems that to delete object user must have not only permissions for that object, but permissions for container too (permission to delete children). It is still unclear for me how / why ADSI Edit works without
that additional permissions but it does not matters now because my issue is solved.