Error While Enabling User For Lync – AD Operation Failed on DC.Insufficient Access Rights

The error above forms part of a frequent question in the forum these days. Let me explain how to fix it. While trying to enable a user account for Lync, you get the following error message. Active Directory operation failed on DC. You cannot retry this operation. Insufficient access rights to perform the operation. The…

The error above forms part of a frequent question in the forum these days. Let me explain how to fix it.

While trying to enable a user account for Lync, you get the following error message.

Active Directory operation failed on DC. You cannot retry this operation. Insufficient access rights to perform the operation.

Lync Error while enabling users

The account you are using has the correct rights, but the operation still fails. You can enable other users for Lync though!

The issue here is that the account you are trying to enable is a “privileged / admin” account. Most of the time the account has domain admin rights. You should ideally have separate admin account for your administration, but that doesn’t happen all the time (especially in smaller firms).

In order to enable an account that has admin rights for Lync, you need to login with a Lync admin account that also has domain admin rights and enable the user using Lync Shell. Using the Lync control panel will not work.

Run the command below in Lync Shell and your issue will be solved.

Enable-CsUser “user” –SipAddressType “type” –SipDomain “domain” –Registrarpool “pool fqdn”

Enable admin account for Lync

Once the command completed successfully, the admin account appeared in the Lync control panel.

Admin User enabled for Lync

7 Comments

  1. Many Thanks, Yes that works perfect and problem was solved. Thanks again for sharing.

    1. Rajith Jose Enchiparambil says:

      Glad it helped Ali.

  2. fazal hassan says:

    i have configured my exchange and lync server on virtual machines. i have make backup copy of both virtual machines. due to the few problems with lync server i attached backup copy of lync server with existing exchange server(AD) …and update DNS records . Lync is working fine for already enabled Users but when i try to enable new users on lync control panel give me this error:

    “Insufficient access rights to perform the operation 00002098: SecErr:DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

    i will be grate ful to your if you help in solution of this issue..

    Regards

    Fazal-i-Hassan

  3. Greate……… thanks MAN ………..it worked for me

    1. Rajith Enchiparambil says:

      Thanks Nawaz

      1. Apologies to reply an old post. There is an instant solution found as below:
        What i experienced is, this problem happens when you change user settings in lync where the user is a domain administrator. To resolve this issue, in active directory, right click on the user account you experience the problem, click security tab, press advanced. check the box “Include Inheritable Permissions from this object’s parent”.

        Thats it. try to edit the user settings in Lync now. this time it will go through without error.

        1. Rajith Jose Enchiparambil says:

          Thanks Basheer

Leave a Reply

Your email address will not be published. Required fields are marked *