Recently I've discovered a bizarre issue on my domain. I've created a script to populate the EmployeeNumber field on our users. While it is hardly best practice, I developed the script by targeting my own account. Once it was behaving as I wanted I attempted to run it against other accounts. To my confusion, the script runs without throwing any errors but makes no change to the user accounts.
I have tried several different scripts now and the behavior is always the same. One example of the script is provided below:
$objUser = [adsi]"LDAP://$dn"
$objUser.put("employeeNumber","$($SQL_SN)")
$objUser.SetInfo()
I've checked the permissions on the AD objects and everything looks fine there (i.e. no deny perms that would apply to my account). I am in the Domain Administrators security group so nothing should be blocking there.
What is even more puzzling, I can modify this field on other domain admins without problem using the same script, just not none-administrative users.
I would greatly appreciate any suggestions for solutions that I might be able to try.
Samuel