
Authentication questions regarding System.DirectoryServices.DirectoryEntry(...)

Author
16 May 2006 4:50 PM
Chris Newby
We are Active Directory / Win2003

I've been using calls to System.DirectoryServices.DirectoryEntry( path,
username, password ) to get a list of a user's domain group access. During
local testing with me logged in, everything worked fine.

However when I moved this particular application to a staging server and
other people started testing, the application was failing to generate the
list of domain groups ... but when I logged in the application still worked.

This led me to believe that the username and password I was using to
initialize DirectoryEntry was not authorized to carry out the application's
LDAP request and that DirectoryEntry would then try authorizing using
whatever identity was in the executing thread's current context. Meaning
that when I was logged in, it was essentially using my credentials to talk
to the LDAP provider. And being that I'm a member of the domain admin group,
I was authorized.

So my question is: Is my presumption correct? And if yes, what are the least
privileges I can give to a user account such that it is authorized to ask
the Active Directory for this kind of information?

TIA//
