$SAMname = "zPink.Panther"
$FullUserInfo = Get-ADUser -Filter "UserPrincipalName -eq 'John.Doe@company.com'" -Properties SamAccountName,EmailAddress
$FullUser = ($FullUserInfo).SamAccountName
$ACLPathFull = "\\server\path\$SAMname"
$Rights = [System.Security.AccessControl.FileSystemRights]::FullControl
$Inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$Propogation = [System.Security.AccessControl.PropagationFlags]::None
$Access = [System.Security.AccessControl.AccessControlType]::Allow
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("$FullUser",$Rights,$Inherit,$Propogation,$Access)
$ACL = Get-Acl $ACLPathFull
Start-Sleep 2
$ACL.AddAccessRule($AccessRule)
Start-Sleep 2
Set-Acl $ACLPathFull $ACL
Set-Acl will generate the following error (see attached or typed out version below)
Set-Acl : Method failed with unexpected error code 87.
At line:1 char:1
+ Set-Acl $ACLPathFull $ACL
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (\\server\path\zPink.Panther:String) [Set-Acl], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.SetAclCommand
Server 1 - Does not work and gives the above error
Powershell Version : 5.1.14393.4350
Server 2016 v1607
Server 2 - Does work with no issues
Version : 5.1.17763.1852
Server 2019 v1809
I am admin on both servers, they are both trying to change the folder permissions the same way
Any feedback would be greatly appreciated.
Or is it as simple as the above versions are the cause?
whoami /priv has the same output