Hi Chrysanthi - lovely to hear from you.
First - full disclosure - I have never done this so I don't know. Here is my guess.
I think, as you suggested, it is related to credentials.
I think you have four choices:
- ask the AD administrators to allow the 'Network Service' (on Windows Server 2003) account to update AD.
- configure your web application into a private application pool and set that pool to use an account that has update rights to AD
- use impersonation in your web site. You need a tag like this in the web config...
<identity impersonate="true" userName="trustedToUpdateAD" password="LongAndDifficultToGuess"/>
Yes - it does mean that the password is written in plain text in the web config file.
- if you are already using AD to determine who has access to the site then you could try
<identity impersonate="true" />
This means that the web server will use the credentials of the logged in user. When you connect to AD, if that user is allowed to update it should work, else it should be denied.
You need to consider what security you need in your application. I think option 4 is probably the most secure of the three but relies on you using AD for authentication.
Do let us know how it works out for you.
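
Added example, not part of the reply above and not its author's code: a small Python audit that reads a web.config, reports which of the `<identity>` forms discussed above each scope uses, and flags a password stored in plain text. The sample configs are constructed; the `registry:` form is ASP.NET's syntax for referencing credentials stored with aspnet_setreg, and the registry path shown is a placeholder.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs mirroring the two <identity> forms in the reply.
FIXED_ACCOUNT = r"""<configuration><system.web>
  <identity impersonate="true" userName="trustedToUpdateAD" password="LongAndDifficultToGuess"/>
</system.web></configuration>"""

LOGGED_IN_USER = r"""<configuration><system.web>
  <authentication mode="Windows"/>
  <identity impersonate="true"/>
</system.web></configuration>"""

# Constructed: a <location> override whose credentials are registry references
# (placeholder key path) instead of literal values.
LOCATION_OVERRIDE = r"""<configuration>
  <system.web><identity impersonate="true"/></system.web>
  <location path="admin"><system.web>
    <identity impersonate="true"
              userName="registry:HKLM\Software\Example\Identity,userName"
              password="registry:HKLM\Software\Example\Identity,password"/>
  </system.web></location>
</configuration>"""


def audit_identity(config_xml):
    """Return (scope, mode, plaintext_password) for every <identity> element."""
    root = ET.fromstring(config_xml)
    # <system.web> sits under <configuration> or under <location path="...">.
    scopes = [("(site)", root)]
    scopes += [(loc.get("path", ""), loc) for loc in root.findall("location")]
    findings = []
    for scope, node in scopes:
        for sw in (c for c in node if c.tag == "system.web"):
            for ident in (c for c in sw if c.tag == "identity"):
                user = ident.get("userName", "")
                pwd = ident.get("password", "")
                if ident.get("impersonate", "false").lower() != "true":
                    mode = "process-identity"   # Network Service or app pool account
                elif user:
                    mode = "fixed-account"      # every request runs as this account
                else:
                    mode = "logged-in-user"     # AD decides per authenticated user
                plaintext = bool(pwd) and not pwd.startswith("registry:")
                findings.append((scope, mode, plaintext))
    return findings


if __name__ == "__main__":
    for name in ("FIXED_ACCOUNT", "LOGGED_IN_USER", "LOCATION_OVERRIDE"):
        print(name, audit_identity(globals()[name]))
```

A `fixed-account` finding with the plaintext flag set means anyone who can read the web.config can act as the account that has update rights to AD.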