Active Directory uses access control to grant or deny access to objects, properties, and operations based on the identity of the user performing the access attempt. When your application binds to the directory, it binds with specific user credentials. When authenticated, these credentials determine your application's security context. Regardless of whether the credentials are those of the logged-on user, a specified user, a service account, a computer account, or an unauthenticated user (Guest/Everyone), Active Directory verifies the user's right to access an object before any operation is performed on that object. The user may, or may not, have access to a particular object, its children, its properties, or operations on that object, which means that your application must handle the potential errors caused by denied access.
For more information about security contexts and the effects of access control on various operations, see: