Greetings,
I am developing a login script that writes the computer name to extensionattribute6 on the logged on users account and vica versa i.e. writes the username to extensionattribute6 of the computer account.
This must run unelevated so I have given the write permission to SELF on this attribute and applied it to descendant user objects and the same permission to descendant computer objects.
The user bit works fine. Any logged on user can update their own attribute. When writing to the computer account however, I get access denied. Why is this?
It's as though when AD goes to verify SELF, it doesn't receive the Access Token of the current computer?
Thanks
David Z