I have a problem when trying to update AD from PHP.

First the environment:
I have an AD at Win 2003 level. I also have an IIS server (Win 2003) with PHP 5.2 running as an IIS ISAPI.

We have decided to maintain our personnel list in AD and replicate it from AD to a SQL Server database (for better performance), from where it is served to the Intranet and (partly) to the public web site. This works great so far - no hitches.

Now, where does the problem lie?

We use some extended AD attributes for our dirty needs. Currently this information is in the SQL Server database and I would need to transfer this to AD (so in the future the information will be updated ONLY in AD). But whatever I try I always get "Insufficient access" with ldap_modify.

I have delegated control to a role account for this migration and added the privileges to Create, delete and manage user rights as well as Read all user information.

Now - is there something else needed on the privileges or am I missing something else?

I tried to harvest the forums but couldn't find the key to this problem.

