Move user to OU in Active Directory (Access is Denied Error)

Question

I am getting a System.UnauthorizedAccessException {"Access is denied."} error when I try to move a user to a different Organizational Unit within Active Directory.

Below is the code I am using. The error is thrown on the call to MoveTo . If I comment out the call to MoveTo then the user's telephone number updates successfully when CommitChanges is called, suggesting that is possibly not a permissions error.

Is anyone able to shed light on why I can't move the user to the new OU?

        Try

        Using Entry As DirectoryEntry = GetDirectoryEntry(DomainLogin) 'Retrieves the directory entry for the user.

            Entry.Properties("telephoneNumber").Value = "9999999" 'This successfully changes the user's phone number

            Dim strUserPass As String() = nBase.oAppControl.GetADUsernameAndPassword()

            'Create DirectoryEntry for the target OU
            Dim newLocation As DirectoryEntry = New DirectoryEntry("LDAP://testgrp.local/OU=Accounts,DC=local", strUserPass(0), strUserPass(1))

            Entry.MoveTo(newLocation) 'Throws exception
            Entry.CommitChanges()


            Return True

        End Using

    Catch ex As Exception
        Return False

    End Try

Answer 1

Although it's too late for your question, but for those who have the same issue , as I checked , The least privilege for moving user in OU is Account Operator . for sure Enterprise Admin and Domain Admin has much more privilege.