0

I'm attempting to set the description attribute in ADSI via PowerShell, but keep getting "access denied". It's executing from a non-privileged user, but the user does have Write All Properties permissions over this object. With those permissions, I don't see why I would need to be a DA to write to that attribute.

Example shown here:

$Computer = [ADSI]"LDAP://cn=TESTER,cn=Computers,dc=lab,dc=local"
$Computer.Put("description", "test")
$Computer.setinfo()
$Computer.setinfo() Exception calling "setinfo" with "0" argument(s): "Access is denied. " At line:1 char:1 + $Computer.setinfo() + ~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI`

When I don't include the parenthesis (eg: $Computer.setinfo), it sets the attribute locally but never pushes it to AD. Yes i'm running in an elevated PS session.

Ryvik
  • 363
  • 1
  • 3
  • 14
  • 1
    would you please add the full text of the error message to your Original Post? NOT a picture of the error text ... the actual text. – Lee_Dailey Oct 13 '19 at 08:24
  • `PS C:\> $Computer.setinfo() Exception calling "setinfo" with "0" argument(s): "Access is denied. " At line:1 char:1 + $Computer.setinfo() + ~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI` When I don't include the parenthesis (eg: $Computer.setinfo), it sets the attribute locally but never pushes it to AD. – Ryvik Oct 13 '19 at 08:31
  • 1
    PLEASE add the info to your Original Post - otherwise folks will either miss it OR have to dig for it. [*grin*] – Lee_Dailey Oct 13 '19 at 09:29

1 Answers1

0

As @Lee_Dailey mentioned, you'd better include the error message in the original post.

About the issue, are you running the script in an elevated prompt? It does not matter whether user has permissions on AD object or not if the resource requires running in elevated prompt. You should explicitly run as administrator if it needs. Can you please check again to see if that is the case here?

Zafer Balkan
  • 176
  • 12