Problem with folder permission

Hi all, I'm a newbie in PowerShell. Months ago I was helped by some forum users, so I'm still here asking for your help.
I have a problem that I cannot solve. I need to assign the permissions listed as follows to a folder:

  • Username (Full Control)
  • Domain Admins (Full Control)
  • FS technicians (Full Control).

I copy the permissions of a folder to the destination folder, but the user for which I am running the script is not entered and the permissions are like this:

  • Domain Admins (Full Control)
  • Domain User (Read)
  • Technical FS (Full Control).

Above the script.
Thanks all for the help.
The error begins on line 75.
Remove-Variable * -ErrorAction SilentlyContinue; Remove-Module *; $error.Clear(); Clear-Host

Add-Type -AssemblyName System.Windows.Forms

#[System.Windows.MessageBox]::Show('ATTENZIONE: lo script può essere lanciato solo in contesto Amministrativo (a+username)')

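$FileBrowser = New-Object System.Windows.Forms.OpenFileDialog -Property @{
    Multiselect = $true
}
# Show the dialog so that FileNames is populated before Import-Csv reads it
$null = $FileBrowser.ShowDialog()
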
$ADUsers = Import-Csv -Path $FileBrowser.FileNames -Delimiter ';'

$ADUsers | Where-Object { $_.username -match '\S'} | ForEach-Object {
    $Username = $_.username
    if (Get-ADUser -Filter "SamAccountName -eq '$Username'" -ErrorAction SilentlyContinue) {
        Write-Warning "A user account with SamAccountName '$Username' already exist in Active Directory."
    }
    else {
        $userParams = @{
            SamAccountName        = $_.username
            UserPrincipalName     = "$($_.username)"
            Name                  = $_.username
            GivenName             = $_.givenName
            Surname               = $
            Enabled               = $true
            DisplayName           = $_.username
            Path                  = $_.path
            AccountPassword       = (ConvertTo-SecureString $_.Password -AsPlainText -Force)
            ChangePasswordAtLogon = $true
            description           = $_.description
            OfficePhone           = $_.telephoneNumber
            EmailAddress          = $_.mail
            POBox                 = $_.postOfficeBox
            ScriptPath            = $_.scriptPath
            HomeDirectory         = $_.homeDirectory
            HomeDrive             = $_.homeDrive
            MobilePhone           = $
            HomePhone             = $_.HomePhone
            Title                 = $_.Title
            Department            = $_.department
            Company               = $
        }
        # Create the quota for W:\
        $PSScriptRoot = "\\\fs\Gestione Tecnologie e Sistemi Informativi\UOC Gestione Strutture Tecnologiche\Quota_Set"
        $arg = ("-n {0}" -f $Username)
        $proc = Start-Process -FilePath "quota_create_unity.cmd" -WorkingDirectory $PSScriptRoot -ArgumentList $arg -Wait -PassThru 
        if ($_.manager) {
            $userParams.Manager = $_.manager
        }
        if ($_.accountExpires) {
            $userParams.AccountExpirationDate = $_.accountExpires
        }
        New-ADUser @userParams -PassThru | 
            Set-ADUser -Replace @{pager = $($_.pager)}
            $Inputstring = $($_.MemberOf)
            $CharArray = $Inputstring.Split(",")

            ForEach ($Items in $Username) {
                # Add group memberships only when the MemberOf column is not empty
                if (-not [string]::IsNullOrWhiteSpace($Inputstring)) {
                    Add-ADPrincipalGroupMembership -Identity $Username -MemberOf $CharArray
                }
                Get-ADUser "$Username" | Set-ADUser -Replace @{PrimaryGroupID = $($_.PrimaryGroupID)}
            }
        #Start-Sleep -s 5
        # Modify the ACL for the W: folder
                    $PathTRG = "\\\fs\utenti\" + $Username
                    Get-Acl $PathSRC | Set-Acl $PathTRG
                    $acl = Get-Acl $PathTRG
                    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Username,'FullControl',('ContainerInherit,ObjectInherit'),'None','Allow')
                    # Apply the rule to the ACL object (the SetAccessRule call named in the error message)
                    $acl.SetAccessRule($AccessRule)
                    $acl | Set-Acl $PathTRG
        # Launch Chrome to register the user on Domino
        Start-Sleep -s 5
        $null = [System.Diagnostics.Process]::Start("chrome.exe","$url")
        #Write-Host "Created new user '$Username' with initial password: $($_.Password)"
        #Write-Host "gruppi a cui appartiene= $($_.MemberOf)"
    }
}

The error is here:

It would be great if you can convert the error to English which is the forum language.

Sure, sorry, my OS is in Italian; below is the translation:

Set Acl: unable to convert part and or all of the identity references

Exception when calling “SetAccessRule” with “1” argument (s):unable to convert part and or all of the identity references

Set Acl: unable to convert part and or all of the identity references

Helpdesk users who run this script, and see the error, belong to the AD Account Operators group. If I try it with the Domain Admin user everything works fine. It seems that the Account Operators group does not have the privileges to write ACLs, is this possible? If so, what privileges must the user have to modify and write permissions on a folder? Thank you

I solved it, this works:

$PathTRG = ('\\\fs\utenti\' + $Username)

# 1 - Disable inheritance on the new user's home folder
icacls $PathTRG /inheritance:d

# Remove Domain Users from the new user's folder
icacls $PathTRG /remove "pdc-cued\domain users"

# Grant the user Full Control:
#icacls $PathTRG /grant:r '"pdc-cued\Pippo:(OI)(CI)(F)"' /T /C

$rule = $Username + ':(OI)(CI)(F)'
icacls $PathTRG /grant $rule /T /C
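
For comparison with the icacls solution above, here is an added example (not code from any poster in this thread) that performs the same three steps through the .NET ACL API and resolves the account to a SID first, so an unresolvable name fails clearly instead of surfacing as "identity references could not be translated" inside Set-Acl. The function name `Set-HomeFolderAcl`, its parameters and the retry values are hypothetical; `pdc-cued` is the domain named in the thread, and the retry loop assumes the account may have only just been created.

```powershell
# Added example, not from the thread. Set-HomeFolderAcl, its parameters and the
# retry values are hypothetical; 'pdc-cued' is the domain named in the thread.
function Set-HomeFolderAcl {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Username,
        [string]$Domain = 'pdc-cued',
        [int]$Retries = 6,
        [int]$DelaySeconds = 5
    )
    # Resolve the name to a SID before touching the ACL. A name that cannot be
    # resolved raises IdentityNotMappedException; retrying covers an account
    # that was created moments ago (assumption about the environment).
    $account = [System.Security.Principal.NTAccount]::new($Domain, $Username)
    $sid = $null
    for ($i = 1; $i -le $Retries -and -not $sid; $i++) {
        try { $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]) }
        catch [System.Security.Principal.IdentityNotMappedException] {
            Start-Sleep -Seconds $DelaySeconds
        }
    }
    if (-not $sid) { throw "Cannot resolve $Domain\$Username to a SID." }

    # Pass 1: stop inheriting but keep a copy of the inherited entries
    # (what icacls /inheritance:d does). The copies only become explicit,
    # removable entries once the ACL has been written back.
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $Path -AclObject $acl

    # Pass 2: drop Domain Users (well-known RID 513 of the user's own domain,
    # so no localized group name is needed) and grant the user Full Control.
    $domainUsers = [System.Security.Principal.SecurityIdentifier]::new(
        [System.Security.Principal.WellKnownSidType]::AccountDomainUsersSid,
        $sid.AccountDomainSid)
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $sid, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl = Get-Acl -Path $Path
    $acl.PurgeAccessRules($domainUsers)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl

    # Return the resulting entries so the caller can log or verify them.
    (Get-Acl -Path $Path).Access |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}
```

Whoever runs this needs the Change permissions right (WRITE_DAC, included in Full Control) on the folder itself; membership in an Active Directory group such as Account Operators does not by itself grant any rights on the file server.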