Insufficient access rights to perform the operation

For testing purposes I wanted to Lync Enable the (default) administrator account in Active Directory using the Lync Control Panel. This failed with the following error:

Active Directory operation failed on “wes-dc02.wesselius.local”. You cannot retry this operation: “Insufficient access rights to perform the operation 00002098: SecErr: DSID-03150BB9, problem 4005 (INSUFF_ACCESS_RIGHTS), data 0”. You do not have the appropriate permissions to perform this operation in Active Directory.

image

The error is shown, but it also gives a possible solution. The domain administrator is part of a protected group (Domain Admins) and these can only be Lync Enabled using the Lync Management Shell, you can use the Enable-CSUser cmdlet to achieve this:

Enable-CsUser -Identity administrator -RegistrarPool Lync01.wesselius.local –SipAddress sip:administrator@wesselius.info

image

Running the cmdlet doesn’t give any results, but when running a query in the Lync Control Panel you can see the administrator is now actually Lync enabled.

image

More information on the Enable-CSUser can be found in the Lync Server 2010 Help file or on the Microsoft Technet site: http://technet.microsoft.com/en-us/library/gg398711.aspx

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s