I am getting a System.UnauthorizedAccessException {"Access is denied."}
error when I try to move a user to a different Organizational Unit within Active Directory.
Below is the code I am using. The error is thrown on the call to MoveTo
. If I comment out the call to MoveTo
then the user's telephone number updates successfully when CommitChanges
is called, suggesting that is possibly not a permissions error.
Is anyone able to shed light on why I can't move the user to the new OU?
Try
Using Entry As DirectoryEntry = GetDirectoryEntry(DomainLogin) 'Retrieves the directory entry for the user.
Entry.Properties("telephoneNumber").Value = "9999999" 'This successfully changes the user's phone number
Dim strUserPass As String() = nBase.oAppControl.GetADUsernameAndPassword()
'Create DirectoryEntry for the target OU
Dim newLocation As DirectoryEntry = New DirectoryEntry("LDAP://testgrp.local/OU=Accounts,DC=local", strUserPass(0), strUserPass(1))
Entry.MoveTo(newLocation) 'Throws exception
Entry.CommitChanges()
Return True
End Using
Catch ex As Exception
Return False
End Try
Although it's too late for your question, but for those who have the same issue , as I checked , The least privilege for moving user in OU is Account Operator
. for sure Enterprise Admin
and Domain Admin
has much more privilege.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.