Insufficient access rights to perform the operation

For testing purposes I wanted to Lync Enable the (default) administrator account in Active Directory using the Lync Control Panel. This failed with the following error:

Active Directory operation failed on “wes-dc02.wesselius.local”. You cannot retry this operation: “Insufficient access rights to perform the operation 00002098: SecErr: DSID-03150BB9, problem 4005 (INSUFF_ACCESS_RIGHTS), data 0”. You do not have the appropriate permissions to perform this operation in Active Directory.


The error is shown, but it also gives a possible solution. The domain administrator is part of a protected group (Domain Admins) and these can only be Lync Enabled using the Lync Management Shell, you can use the Enable-CSUser cmdlet to achieve this:

Enable-CsUser -Identity administrator -RegistrarPool Lync01.wesselius.local –SipAddress


Running the cmdlet doesn’t give any results, but when running a query in the Lync Control Panel you can see the administrator is now actually Lync enabled.


More information on the Enable-CSUser can be found in the Lync Server 2010 Help file or on the Microsoft Technet site:

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s