ASP.NET Core IIS Express AD Services Permissions Error


I had to create a new Dev environment for my asp.net project. It required an AD server, so I created it on the same host as my IIS server and IDE.

I transferred it over and set all the new environmental variables, but I came across an interesting problem.

When asking it to create a new AD user account I get the error:

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
   --- End of inner exception stack trace ---
   at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args)
   at System.DirectoryServices.AccountManagement.SDSUtils.SetPassword(DirectoryEntry de, String newPassword)
   at System.DirectoryServices.AccountManagement.ADStoreCtx.SetPassword(AuthenticablePrincipal p, String newPassword)
   at System.DirectoryServices.AccountManagement.SDSUtils.InsertPrincipal(Principal p, StoreCtx storeCtx, GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes, Boolean needToSetPassword)
   at System.DirectoryServices.AccountManagement.ADStoreCtx.Insert(Principal p)
   at System.DirectoryServices.AccountManagement.Principal.Save()

The method (which worked until now) creates the user; however, it appears as disabled in AD:

        // Bind to the domain/OU with the service account taken from environment variables.
        PrincipalContext ctx = new PrincipalContext(ContextType.Domain,
            Environment.GetEnvironmentVariable("DOMAIN"),
            Environment.GetEnvironmentVariable("USER_OU"),
            Environment.GetEnvironmentVariable("SERVICE_USERNAME"),
            Environment.GetEnvironmentVariable("SERVICE_PASSWORD"));

        UserPrincipalEx usr = new UserPrincipalEx(ctx);

        // Populate the new account's attributes.
        usr.Name = Account.FirstName + " " + ticket.Account.LastName;
        usr.SamAccountName = Account.Username;
        usr.GivenName = Account.FirstName;
        usr.Surname = Account.LastName;
        usr.DisplayName = Account.FirstName + " " + ticket.Account.LastName;
        usr.UserPrincipalName = Account.Username + "@" + Environment.GetEnvironmentVariable("DOMAIN");
        usr.Company = Account.Company;
        usr.Department = Account.Department;
        usr.Description = Account.Description;

        // Temporary password, forced change at first logon, then enable.
        usr.SetPassword(temppwd);
        usr.ExpirePasswordNow();
        usr.Enabled = enabled;

        try
        {
            // Save() inserts the object, sets the password and applies the flags in one go;
            // the stack trace shows the SetPassword step inside this call failing.
            usr.Save();
        }
        catch (Exception e)
        {
            Console.WriteLine(e.ToString());
        }

I use the same piece of code in production and it works just fine. I can't see why it would behave like this in my new dev environment - or what permissions would allow it to create the account, but not enable it.

c#
asp.net-core
active-directory
asked on Stack Overflow Aug 30, 2019 by Hawke • edited Sep 1, 2019 by Hawke
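A way to make this failure visible and non-destructive, added here as an example and not the asker's code or the library's own API usage (class and method names are hypothetical): the principal is saved first, then the password is set and the account enabled in a separate step, so an E_ACCESSDENIED from SetPassword is caught, the half-created disabled account is removed again, and the error message names the right to check. It assumes the same System.DirectoryServices.AccountManagement types the question uses.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Runtime.InteropServices;

// Added example (hypothetical names), not the asker's code.
static class AdAccountProvisioner
{
    public static void CreateEnabledUser(PrincipalContext ctx, string sam, string upn,
                                         string given, string surname, string temppwd)
    {
        var usr = new UserPrincipal(ctx)
        {
            SamAccountName = sam,
            UserPrincipalName = upn,
            GivenName = given,
            Surname = surname,
            Name = given + " " + surname,
            DisplayName = given + " " + surname
        };
        // Step 1: create the object. This needs only create-child rights on the OU;
        // the new account starts out disabled, which matches what the asker sees.
        usr.Save();
        try
        {
            // Step 2: password and enable. SetPassword needs the "Reset password" right on
            // the object and a secure channel to the DC; this is where 0x80070005 surfaced.
            usr.SetPassword(temppwd);
            usr.ExpirePasswordNow();
            usr.Enabled = true;
            usr.Save();
        }
        catch (Exception e) when (IsAccessDenied(e))
        {
            // Roll back rather than leaving a half-provisioned account in the directory.
            usr.Delete();
            throw new InvalidOperationException(
                "Password/enable step failed for " + sam + "; account deleted again. " +
                "Check the service account's Reset Password right on the OU.", e);
        }
    }
    // E_ACCESSDENIED may arrive wrapped in a TargetInvocationException, as in the trace.
    private static bool IsAccessDenied(Exception e)
    {
        for (var cur = e; cur != null; cur = cur.InnerException)
            if (cur is UnauthorizedAccessException ||
                (cur is COMException ce && ce.HResult == unchecked((int)0x80070005)))
                return true;
        return false;
    }
}
```

Splitting the steps this way also tells you which right is missing: if step 1 succeeds and step 2 fails, the service account can create objects but cannot reset passwords on them.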

1 Answer


I rebuilt Dev with IIS and AD on different servers. It's a pain as it's slow, but I couldn't find another solution.

answered on Stack Overflow Nov 23, 2019 by Hawke

User contributions licensed under CC BY-SA 3.0