Issue setting ACL on netapp filer

On NetApp Release 9.2P1 i am trying to set update the permissions to add a deny and it fails unless i run it twice. Notice that ShareSDDL sees the group i added but it does not exist ShareACLText. This is the same with computer management. If i look at the shareSDDL no rights have been assigned unless i run it twice. This did work on NetApp Release 8.3.2P10 and ONTAP 8.1 without running twice?

ShareSDDL : D:(D;;;;;S-1-5-21-xxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxxxx)(A;;FA;;;WD) ShareSDDL : D:(D;;FA;;;S-1-5-21-xxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxxxx)(A;;FA;;;WD)

The same code was used across Windows 2008R2, 2012R2,2016 and 2019 and all worked without issue.. Logic as below

$preSI = Get-netshare -Server $myfiler -name $mysharename $strPermission= $preSI.ShareACLText,"MyDomain\$($strADGroup)|Deny-FullControl" -join "," set-netshare -Server $myfiler -name $mysharename -Permissions $strPermission $X = Get-netshare -Server $myFiler -name $mysharename set-netshare -Server $myfiler -name $mysharename -Permissions $strPermission $Y = Get-netshare -Server $myFiler -name $mysharename

Server : MYFILER Name : share Path : C:\shares Description :
ABE : Disabled CachingMode : None ShareACLText : Everyone|FullControl CurrentUses : 2 ConcurrentUserLimit : -1 BranchCache : Disabled Flags : 48 Type : Disk Drive ShareSDDL : D:(D;;;;;S-1-5-21-xxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxxxx)(A;;FA;;;WD) ShareACL : System.Security.AccessControl.DirectorySecurity

Server : MYFILER Name : shares Path : C:\Shares Description :
ABE : Disabled CachingMode : None ShareACLText : MYDOMAIN\TEST_DENY|Deny-FullControl,Everyone|FullControl CurrentUses : 4 ConcurrentUserLimit : -1 BranchCache : Disabled Flags : 48 Type : Disk Drive ShareSDDL : D:(D;;FA;;;S-1-5-21-xxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxxxx)(A;;FA;;;WD) ShareACL : System.Security.AccessControl.DirectorySecurity

CamFlyerCH / FileShareUtils

Issue setting ACL on netapp filer #8