I am creating a little DLL that is supposed to add a new (normal) user to the Active Directory domain. It looks like this:
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;
using System.Windows.Forms;

private void createUser()
{
    // User information
    string username = "MyNewUser";
    string fullname = "NewUser";
    string description = "Cool Description for My New User";
    string password = GeneratePassword();   // helper defined elsewhere in the DLL

    // Fetch current domain (NetBIOS name of the logged-on user's domain)
    string domainName = Environment.UserDomainName;
    MessageBox.Show(Environment.UserName);
    MessageBox.Show(WindowsIdentity.GetCurrent().Name);

    // New UserPrincipal object in the current domain, bound with the identity of the calling process
    using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
    using (UserPrincipal user = new UserPrincipal(context))
    {
        // Set username & password
        // SamAccountName is the short logon name; the "user@domain" form belongs in UserPrincipalName
        user.SamAccountName = username;
        user.UserPrincipalName = username + "@" + domainName;
        user.Description = description;
        user.DisplayName = fullname;
        user.SetPassword(password);
        // Activate user account
        user.Enabled = true;
        // Save
        user.Save();
    }
}
As adding users to an Active Directory domain is restricted to Domain Admins only, I tried to prompt UAC in order to impersonate a Domain Administrator, like this:
using System;
using System.Security.Principal;

private void createUserElevated()
{
    WindowsPrincipal principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
    bool isAdmin = principal.IsInRole(WindowsBuiltInRole.AccountOperator);
    if (!isAdmin)
    {
        // If the user is no admin, require elevated rights
        WindowsIdentity identity = WindowsIdentity.GetCurrent();
        WindowsPrincipal newPrincipal = new WindowsPrincipal(identity);
        // Note: this sets the managed thread principal only; the Windows token of the process is unchanged
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        AppDomain.CurrentDomain.SetThreadPrincipal(newPrincipal);
        // Execute the code that requires elevated rights
        createUser();
        // Restore unauthenticated principal rights
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.UnauthenticatedPrincipal);
    }
    else
    {
        // If the user is already admin, just execute the code
        createUser();
    }
}
When I execute my code, it prompts a UAC dialog asking for elevated permissions. I log in with my Domain Administrator account, but it seems that the code is being executed by "NT-AUTHORITY\SYSTEM" and not by my Domain Administrator account, causing the "new UserPrincipal()" command to fail with "Access Denied".
Can you help? Thank you! Lukas
Wanted behaviour: on executing, the UAC prompt comes up, asks the user to log in as Domain Admin and then executes my code.
I tried:
- The little program is part of a Visual Studio Setup Project. I also tried adding this to the app.manifest of the DLL:
  <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
- Adding "AdminUser" to the LaunchConditions of the Visual Studio Setup Project.
- Executing the setup file with "Right-Click -> Run as Administrator".
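As an added example that is not part of the post: binding the PrincipalContext with explicit domain credentials instead of relying on the token of the running process, so the directory write is performed as the supplied account regardless of how the process was launched. The class name, parameter names and the failure checks are assumptions; the bind password is passed in by the caller and never stored in the code.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public static class DomainUserCreator
{
    // Creates a domain user while bound to the directory with explicit credentials.
    // The Windows token of the running process is not used for the LDAP operation;
    // whatever account the caller passes in is the one that must have the right
    // to create users in the domain. All names here are constructed placeholders.
    public static string CreateUser(string domain, string bindUser, string bindPassword,
                                    string samAccountName, string upnSuffix,
                                    string displayName, string description, string newPassword)
    {
        // Bind as the supplied account rather than as the process identity
        using (var context = new PrincipalContext(ContextType.Domain, domain, bindUser, bindPassword))
        {
            // Fail fast if the supplied credentials are rejected by the domain
            if (!context.ValidateCredentials(bindUser, bindPassword))
                throw new UnauthorizedAccessException("Bind credentials rejected by " + domain);

            // Refuse to touch an account that already exists
            if (UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, samAccountName) != null)
                throw new InvalidOperationException(samAccountName + " already exists in " + domain);

            using (var user = new UserPrincipal(context, samAccountName, newPassword, enabled: true))
            {
                // sAMAccountName is the short logon name; the user@suffix form is the UPN
                user.UserPrincipalName = samAccountName + "@" + upnSuffix;
                user.DisplayName = displayName;
                user.Description = description;
                user.Save();
                return user.DistinguishedName;
            }
        }
    }
}
```

The returned distinguished name can be logged alongside `WindowsIdentity.GetCurrent().Name` to make visible which account performed the bind and which identity the process itself is running under.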