locked
ADSI Edit and System.DirectoryServices: different behavior RRS feed

  • Question

  • User-792394676 posted

    I found strange issue: when I try delete some object from AD using ADSI Edit - it works fine, but when I am trying to delete it programmatically, I get error message that states that I have no permissions for that. I checked my credentials for Ldap connection - they are correct. Are there any special considerations for access from code? Could it be some domain configuration error?

    Thanks in advance

    Tuesday, February 18, 2014 1:16 PM

Answers

  • User398825048 posted

    Looks like the user under which the application is being run has insufficient priviledges.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, February 19, 2014 5:17 AM
  • User-792394676 posted

    Thank you for your help, Starain chen.

    It was a problem with missing permissions. It seems that to delete object user must have not only permissions for that object, but permissions for container too (permission to delete children). It is still unclear for me how / why ADSI Edit works without that additional permissions but it does not matters now because my issue is solved.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, February 20, 2014 10:35 AM

All replies

  • User-792394676 posted

    If it matters, this object is password settings object and it was created programmatically in same way, when I check owner of this object it is me.

    Tuesday, February 18, 2014 1:21 PM
  • User-1454326058 posted

    Hi,

    Thanks for your post!

    According to your description, I would like to know the details as follows:

    1. The detail error message that you get.
    2. The related code.

    On the other hand, about Creating and Deleting Objects, please refer to: http://msdn.microsoft.com/en-us/library/windows/desktop/aa705898(v=vs.85).aspx

    Thanks

    Best Regards  

    Wednesday, February 19, 2014 1:45 AM
  • User-792394676 posted

    Hi,

    DirectoryOperationException message is "The user has insufficient access rights." and DeleteResponse.ErrorMessage is "00000005: SecErr: DSID-031520B2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0", ResultCode is InsufficientAccessRights.

    Wednesday, February 19, 2014 5:14 AM
  • User398825048 posted

    Looks like the user under which the application is being run has insufficient priviledges.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, February 19, 2014 5:17 AM
  • User-792394676 posted

    It looks so, but to be sure that my code works on behalf of me, I tried explicitly pass NetworkCredential with my login and password to LdapConnection (They have higher priority, correct?) and got same behavior. So if my software connects to AD with my account credentials and ADSI Edit runs under my account, why in ADSI Edit I can delete object, but using my application - not?

    Wednesday, February 19, 2014 5:57 AM
  • User-1454326058 posted

    Hi,

    Please provide the detail code to us.

    This link may benefit you:

    http://www-12.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/b3266a3c17f9bb7085256b870069c0a9/229fb633ab83738985256c1d0039dabb?OpenDocument

    Thanks

    Best Regards  

    Wednesday, February 19, 2014 10:23 PM
  • User-792394676 posted

    Thank you for your help, Starain chen.

    It was a problem with missing permissions. It seems that to delete object user must have not only permissions for that object, but permissions for container too (permission to delete children). It is still unclear for me how / why ADSI Edit works without that additional permissions but it does not matters now because my issue is solved.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, February 20, 2014 10:35 AM