I have been trying to create a user account in an NT 4.0 domain using the WinNT provider of ADSI 2.5. This is from within an ASP page. The VBscript code that creates the user works as a standalone script and creates the new user account all the specified properties - presumable this is logged under the security context of me as Administrator. however when I connect to the ASP that contains this embedded VBSript and click to create the user I am getting an Active Directory access denied message. Presumably this is as it it the IUSR_servername account that is being used to create the new account that does have sufficient permissions to create the new user object as it doesn't have admin rights. Has anyone any idea around this? Is there a specific file to do with ADSI to which I must give the IUSR_servername account full permission? Any help or leads much appreciated - still quite new to ASP. Thanks.
If it was me, I'd put the user creation code it a separate folder and remove the IUSR permissions to that folder, granting only admin users/groups permissions to the folder.
When you go to the page with your browser, the web server will make you authenticate with your admin username, and once you do it will use your user context for the ADSI stuff.
Topic Locked
Posted - 07 November 2001 : 10:58:35
