Using LDAP with DirectoryEntry or PrincipalContext in C# worked fine, I could read AD, change properties, yet when creating users or groups I got Access Denied. Even when I use the Administrator account to login on AD through my application.
Going to the AD Machine and use the same credentials I was able to create groups/users... So what is going wrong here?
Seems that the C# Application I am running also need Administrator Rights, at least more right then my curren account had... Once I ran my application with Administrator accounts I was able to create groups / users without an Access Denied error.