Unable to update identity attributes in ad using SailPoint source

Hi all,

My requirement is to append some attributes of admin users in lost of OU’s in active directory. I am able to achieve this by using a new source is dev environment (by using new source’s provisioning policies and running a sync on required identities) but when I try to replicate this in production, I am getting following error.

 1. ADConnectorServices [ Thread-7 ] ERROR : "Caught exception in Modify for identity CN=****** ,OU=*****,OU=****,OU=**,DC=**,DC=**. System.UnauthorizedAccessException: Access is denied.

   at System.DirectoryServices.Interop.UnsafeNativeMethods.IAds.SetInfo()
   at System.DirectoryServices.DirectoryEntry.CommitChanges()
   at sailpoint.services.ADConnectorServices.Modify(Boolean processExchangeAttributeUpdate, Boolean& atleastOneAttrReqFulfilled)"
   
 
   
 2. ADConnectorServices [ Thread-7 ] ERROR : "Exception caught while handling special attributes AC_NewName/AC_NewParent for identity CN=****** ,OU=*****,OU=****,OU=**,DC=**,DC=**. System.UnauthorizedAccessException: Access is denied.

I checked provisioning policies defined in dev and production and only difference i found was in “usageType”: “UPDATE_GROUP”, provisioning policies.