I need to add a new user account, set the user's group, and delete
the user account from within a VB.Net web application. All the examples
I've tried so far have not worked. I am using code like this to try to
add a user:

Dim objDomain as Object
objDomain = GetObject("WinNT://" & _strDomainName)

objUser = objDomain.Create("user", _strUsername)
objUser.SetPassword(_strPassword)
objUser.FullName = _strLastName & ", " & _strFirstName
objUser.Description = _strDescription
objUser.SetInfo()

the SetInfo() generates an exception like this:

at Microsoft.VisualBasic.CompilerServices.LateBinding.InternalLateCall(Object
o, Type objType, String name, Object[] args, String[] paramnames,
Boolean[] CopyBack, Boolean IgnoreReturn) at
Microsoft.VisualBasic.CompilerServices.LateBinding.LateCall(Object o,
Type objType, String name, Object[] args, String[] paramnames,
Boolean[] CopyBack) at AddUser(String _strUsername, String
_strPassword, String _strLastName, String _strFirstName, String
_stGroup)

Note that the code *does* work for a Windows app, but I need it to
work for a web app. It could simply be a permissions issue.

The correct answer to this question will have all of the following:

1. Be written in VB.Net
2. Require no changes to the web.config file
3. Include the simplest working examples for adding a user, setting a
user's group, and deleting a user.
4. It must work for me.

---

Clarification of Question by mindwalker-ga on 09 Jan 2006 10:22 PST

None of the suggestions so far have worked, however, I'm happy to
report that I did figure out a way to get it working. I just needed to
turn on identity impersonation for the page that creates/deletes
users. That was necessary because we are using basic authentacation
and the logged in user will have the necessary privileges if using
impersonation.

To turn on identity impersonation, I place code similar to the
following in the web.config file:

<location path="path.aspx">
<system.web>
<identity impersonate="true" />
</system.web>
</location>  

I'll close out this question.

Not sure this link will help you completely. May be you can get some
details from them.

http://www.15seconds.com/issue/011127.htm
http://forums.asp.net/316534/ShowPost.aspx

thanks
bala

Try to put ASP.NET user in Administrators Group ;)

The problem may be the credentials of the thread running in the web
application may not have privileges to modify data in Active
Directory.  You might try changing the security principle of the
thread prior to connecting to AD, possibly as follows ...

Dim principal as WindowsPrincipal 
Dim identity as WindowsIdentity identity
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
principal = DirectCast(Thread.CurrentPrincipal, WindowsPrincipal)
WindowsIdentity identity = DirectCast(principal.Identity, WindowsIdentity)
System.Threading.Thread.CurrentThread.CurrentCulture = New CultureInfo("en-US")

Hope this helps,
Kindageeky

None of the suggestions so far have worked, however, I'm happy to
report that I did figure out a way to get it working. I just needed to
turn on identity impersonation for the page that creates/deletes
users. That was necessary because we are using basic authentacation
and the logged in user will have the necessary privileges if using
impersonation.

To turn on identity impersonation, I place code similar to the
following in the web.config file:

<location path="path.aspx">
<system.web>
<identity impersonate="true" />
</system.web>
</location>  

I'll close out this question.