Lync Error Insufficient access rights to perform the operation

899

Lync Error Insufficient access rights to perform the operation. I recently installed Lync 2013 on my lab setup. When I launched the Lync Server Control Panel to enable Lync account for a user, I saw an error “Active Directory operation failed on “fe.prajwal.local”. You cannot retry this operation: “Insufficient access rights to perform the operation”. This error is seen when you use Lync Server Control Panel to enable or move an Active Directory domain user for use with Lync Server. Although you may have full Enterprise access, you will still fail to add new users. Let’s see why this error comes up and what are the steps to fix this error.

The above error that is described in the post is caused by the combination of the following two reasons:

1) The user account that is part of the Lync Server move or enable operation is a member of an Active Directory, directory service protected domain security group. As the user account belongs to a Windows Server protected domain security group, it is unable to keep the RTCUniversalUserAdmins and RTCUniversalUserReadOnlyGroup Lync Server Universal Security groups and their permissions as Access Control Entries.

2) The Lync Server Control Panel is not designed to delegate the permissions of RTCUniversalUserAdmins and RTCUniversalUserReadOnlyGroup Lync Server Universal Security groups that are needed to complete the user account move or enable operation.

In order to enable an account that has admin rights for Lync, you need to login with a Lync admin account that also has domain admin rights and enable the user using Lync Shell. Using the Lync control panel will not work. The errors is seen in the below screenshot.

Lync Error Insufficient access rights to perform the operation

Open the Lync Server Management Shell and type the command.

Enable-CsUser -Identity “Name” -RegistrarPool “Pool Name” -SipAddressType EmailAddress -SipDomain domain name

For example, in my case I used the below command.

Enable-CsUser -Identity “Jason Tim” -RegistrarPool “fe.prajwal.local” -SipAddressType sip:jason.tim@prajwal.local -SipDomain prajwal.local

Lync Error Insufficient access rights to perform the operation

After you run the above command, launch the Lync Server control panel. Provide the credentials in the windows security box. Click on Users. In the search box type the first name of the user for whom Lync is to be enabled and click Find. In the search results you can see a tick under Enabled.

Lync Error Insufficient access rights to perform the operation

  • KAMRUL

    Dear Mr. PRAJWAL,
    I am really struggling to resolve the Lync Front end service starting problem. for details find the attached file

    I will be grateful if you advise in this regard.

    Thank in advance

    Regards,
    Md Kamrul Hasan Shuhel

  • Harish Kumar

    Hi Prajwal, Could you guide me how to provide Lync access through Open internet, i have tried in many ways but no luck. If you could guide are provide SOP it would be much apreciated