Lync Server 2010 Control Panel returns the error "Insufficient access rights to perform the operation" when attempting a move user or enable user command


When using the Lync Server 2010 Control Panel to enable or move an Active
Directory domain user for use with Lync Server 2010, the following error is
returned: Active Directory operation failed on "DC1.contoso.com". You cannot
retry this operation: "Insufficient access rights to perform the operation"

Publication Date: December 7, 2010

KB Article: 2466000

Product Version: Lync Server 2010

The error described above is caused by the combination of the following two reasons:

  • The user account that is part of the Lync Server 2010 move or enable
    operation is a member of an Active Directory protected domain security
    group. Because the user account belongs to a protected domain security
    group, it cannot keep the RTCUniversalUserAdmins and
    RTCUniversalUserReadOnlyGroup universal security groups and their permissions
    as Access Control Entries (ACEs); they are not part of the protected domain
    security group's default Access Control List (ACL).
  • The Lync Server 2010 Control Panel is not designed to delegate the
    permissions that are needed to complete the user account move or enable
    operation.
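To confirm that an account matches the first cause before retrying the operation, the following added example (not code from the KB article) reads the user's ACL and reports whether the two RTC group ACEs are missing. It assumes the ActiveDirectory PowerShell module is available; `Test-LyncUserAclState` and the sample identity `jdoe` are hypothetical names, and the `adminCount` and inheritance checks rely on standard Active Directory behavior for protected accounts that the article does not spell out.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Test-LyncUserAclState {
    param(
        [Parameter(Mandatory = $true)][string]$Identity,
        # Group names as given in the article text
        [string[]]$ExpectedGroups = @('RTCUniversalUserAdmins', 'RTCUniversalUserReadOnlyGroup')
    )

    $user = Get-ADUser -Identity $Identity -Properties adminCount, nTSecurityDescriptor
    $sd   = $user.nTSecurityDescriptor

    # Explicit and inherited ACEs, with trustees resolved to DOMAIN\name where possible
    $rules = $sd.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

    # Collect every expected group that has no ACE at all on the user object
    $missing = foreach ($group in $ExpectedGroups) {
        $hit = $rules | Where-Object { $_.IdentityReference.Value -like "*\$group" }
        if (-not $hit) { $group }
    }

    [pscustomobject]@{
        SamAccountName      = $user.SamAccountName
        AdminCount          = $user.adminCount              # 1 on accounts AD treats as protected
        InheritanceDisabled = $sd.AreAccessRulesProtected   # protected accounts do not inherit ACEs
        MissingRtcGroupAces = @($missing)
        LikelyAffected      = ($user.adminCount -eq 1) -and
                              $sd.AreAccessRulesProtected -and
                              (@($missing).Count -gt 0)
    }
}

# 'jdoe' is a constructed sample account name
Test-LyncUserAclState -Identity 'jdoe'
```

The function only reads the security descriptor; it does not change any permissions on the account.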


Comments (3)
  1. In my test environment I also ran into this issue :). It is reasonably easy to overcome with the management shell Move-CsLegacyUser command. Lync is different from OCS 2007 R2; the next step is to discover redundancy within this product.

  2. Nelson Coelho says:

    In this case I use Shell to enable users, and it works. It's an alternative, or maybe, I think, that is the unique solution…

  3. Yong says:

    It's not allowed to operate on protected users (such as domain administrators) through remote access, including the web-based Control Panel and PowerShell Remote.

    To operate on those protected users, please log on to the local server and run PowerShell cmdlets in the console directly.
