How to change the user attributes(with the necessary human) in ActiveDirectory from SharePoint 2010?

Question

To retrieve data from ActiveDirectory I used the following code:

SPSecurity.RunWithElevatedPrivileges(delegate()
 (
            var currentDirectory = new DirectoryEntry(domainAddress);
));

But changing a property's value and attempt to update the values in ActiveDirectory (function CommitChanges()) generates System.UnauthorizedAccessException Message = Access is denid, because code execution carried out under the account NetworkService. I tried to use the following code to run from the current user:

using (WindowsIdentity.GetCurrent().Impersonate ())
{
             DirectoryEntry entry = new DirectoryEntry(domainAddress);
             ...
}

To run code from the current user, but continued use is generated DirectoryServicesCOMException, while user authentication is a protocol NTML. Prompt please, how is it possible to change the attributes of users in ActiveDirectory from the current user without requiring a password?

Answer 1

RunWithElevatedPrivileges uses the identity of IIS application pool in which SharePoint is running. If you have not specified an Active Directory account, but it is configured to work under the built-in Network Service account, you will get this message.