For SOME users, a few are getting errors when running the below portion of my script. This does not happen for all objects, but some. These users having issues have full control over the OU that the user account resides in that this script is updating. The script adds a computer object from another domain and gives it full control over the user object. Randomly users receive the error "
Exception calling “CommitChanges” with “0” argument(s): “A constraint violation occurred.” It is not a permissions issue because they have full control over the user objects that they are trying to update. Any ideas?
$SysManObj = [ADSI]("LDAP://$GoldlnkDC/CN=$UPN,$OUPath") #get the user object $comp = get-adcomputer $Computer -Server $AqualnkDC #get the computer object $sid = [System.Security.Principal.SecurityIdentifier]$comp.SID $identity = [System.Security.Principal.IdentityReference]$SID $adRights = [System.DirectoryServices.ActiveDirectoryRights] "GenericAll" $RightsType = [System.Security.AccessControl.AccessControlType] "Allow" $inheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "All" $ACE = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $identity, $adRights, $RightsType, $inheritanceType $SysManObj.psbase.ObjectSecurity.AddAccessRule($ACE) $SysManObj.psbase.commitchanges()