When trying to delegate the permissions for a service account to update user “Title” (job title) attributes in Active Directory we found that despite effective permissions showing write permissions, access was denied.
On further instigation we found that “Write All Properties” worked, which made it even stranger.
The same issue is reported here:http://social.technet.microsoft.com/Forums/windowsserver/en-US/e7df62b5-58b0-4ef9-ba42-040170eb1a4f/access-denied-when-changing-users-job-title. The article references the need to modify the attribute in the schema, for us we opted for the Write All Properties option.