Hi,
We have developed an Active Directory web management application in C# which uses .NET 4.0 Classic for login. This application uses impersonation with Windows authentication. Below is my web.config code:
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <identity impersonate="true" />
    <authentication mode="Windows">
      <forms loginUrl="~/Login.aspx" timeout="2880" />
      <!--<forms loginUrl="~/Login.aspx" timeout="2880" defaultUrl="Home.aspx" />-->
    </authentication>
    <!--<customErrors mode="On">
    </customErrors>-->
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <clear />
        <add name="AspNetActiveDirectoryMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADService"
             attributeMapUsername="sAMAccountName"
             connectionProtection="Secure" />
      </providers>
    </membership>
    <profile>
      <providers>
        <clear />
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
      </providers>
    </profile>
    <roleManager enabled="false">
      <providers>
        <clear />
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <security>
      <authentication>
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</configuration>
In IIS I have enabled Windows authentication, and in ASP.NET impersonation I have enabled Authentication User. When the site is browsed from the IIS server, the site works fine. If a user (including the administrator) browses from a remote machine (member of the domain), we can't list any users or groups in the domain. When I disable ASP.NET impersonation, users from the remote computer and the local IIS server can list the users and groups but are not able to add, edit or delete the users and groups, even if the logged-in user is a member of administrator. And if I change the app pool identity to a member of the admin group (in my case Testadmin@domain.local), the code works fine. The only requirement for me is: if a member of the domain admin group logs in to the system and accesses the site, their credentials should be used for listing users and groups and for adding, editing and deleting users and groups.
Please help me to fix the problem.