Lync Error Insufficient access rights to perform the operation

ByPrajwal Desai Hours

Lync Error Insufficient access rights to perform the operation. I recently installed Lync 2013 on my lab setup. When I launched the Lync Server Control Panel to enable Lync account for a user, I saw an error “Active Directory operation failed on “fe.prajwal.local”. You cannot retry this operation: “Insufficient access rights to perform the operation”.

This error is seen when you use Lync Server Control Panel to enable or move an Active Directory domain user for use with Lync Server. Although you may have full Enterprise access, you will still fail to add new users. Let’s see why this error comes up and what are the steps to fix this error.

Lync Error Insufficient access rights to perform the operation

The above error that is described in the post is caused by the combination of the following two reasons:

1) The user account that is part of the Lync Server move or enable operation is a member of an AD DS protected domain security group. This user account belongs to a Windows Server protected domain security group. Hence it is unable to keep the RTCUniversalUserAdmins and RTCUniversalUserReadOnlyGroup Lync Server Universal Security groups and their permissions as Access Control Entries.

2) The Lync Server Control Panel is not designed to delegate the permissions of RTCUniversalUserAdmins and RTCUniversalUserReadOnlyGroup Lync Server Universal Security groups that are needed to complete the user account move or enable operation.

In order to enable an account that has admin rights for Lync, you need to login with a Lync admin account that also has domain admin rights and enable the user using Lync Shell. Using the Lync control panel will not work.

Lync Error Insufficient access rights to perform the operation

Open the Lync Server Management Shell and type the command.

Enable-CsUser -Identity "Name" -RegistrarPool "Pool Name" -SipAddressType EmailAddress -SipDomain domain name

For example, in my case I used the below command.

Enable-CsUser -Identity "Jason Tim" -RegistrarPool "fe.prajwal.local" -SipAddressType sip:jason.tim@prajwal.local -SipDomain prajwal.local

Lync Error Insufficient access rights to perform the operation

After you run the above command, launch the Lync Server control panel. Provide the credentials in the windows security box. Click on Users.

Type name in search box and press Find. In the search results you can see a tick under Enabled.

Lync Error Insufficient access rights to perform the operation

Avatar photo

Prajwal Desai is a Microsoft MVP in Intune and SCCM. He writes articles on SCCM, Intune, Windows 365, Azure, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.

4 Comments

  1. Avatar photo Harish Kumar says:

    Hi Prajwal, Could you guide me how to provide Lync access through Open internet, i have tried in many ways but no luck. If you could guide are provide SOP it would be much apreciated

    Reply

  2. Dear Mr. PRAJWAL,
    I am really struggling to resolve the Lync Front end service starting problem. for details find the attached file

    I will be grateful if you advise in this regard.

    Thank in advance

    Regards,
    Md Kamrul Hasan Shuhel

    Reply

    2. please find the attached

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *