Some time ago I wrote a post on getting information out of Active Directory programmatically. You can do wonderful things using classes in the .NET framework.
But getting the stuff to work on my client's machine was quite a puzzle, for some kind of reason the code never returned the memberof information, the groups an account is a member of. This worked like a charm on my 2003 domain, anybody could retrieve the info. Even without providing credentials. The twist is that my client is running a Windows server 2000. In such a domain the user requiring the information has to provide credentials and be a member of the account operators group. This group no longer exists in server 2003. To get the code to work under Server 2000 was a matter of the code logging in temporarily as an account operator to retreive the memberof info.