Im having a few problems accessing my works Active Directory from
Delphi. Some brief history: We had a NT based domain for years, and I
have written my own 'user manager' which allowed me to carry out my
Desktop support duties. We are now moving to Active Directory and I
found that my old code for the NT domain sort of worked for the AD. I
had read access, but it would never set changes to user accounts. Now I
have decided to move from the 'NetQueryDisplayInformation' and
'NetUserGetInfo' to ADSI based code.
With ADSI I can read user information, but once again changes dont get
sent to the AD and I get "General Access Denied" errors when calling
SetInfo() for the IADSUser object. Im assuming that its some sort of
privilege problem, I know that in the AD im not a "Domain Admin",
although I do have basically the same permissions; I can manage accounts
and Add/Delete PCs from the AD. Also the AD Users and Computers MMC
lets me reset passwords and manage user accounts..
Anyway heres some code after that long essay..
ADsGetObject('WinNT://MYDOMAIN/USERTOEDIT', IADsUser, usr);
Assert(usr <> nil);
// snipped some code which loads the user obj into a form and lets the
user edit it..
//sample code to set the "User cannot change password" property
Usr.Put('userFlags', Usr.Get('UserFlags') or ADS_UF_PASSWD_CANT_CHANGE)
usr.SetInfo(); // <-- causes General ACcess Denied error.
Has anyone got any suggestions? Thanks in advance.
