When trying to edit user in Lync Control Panel 2013, I encounter this error
Active Directory operation failed on "<DC>". You cannot retry this operation: "Insufficient access rights to perform the operation
00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0".You do not have the appropriate permissions to perform this operation in Active Directory. One possible cause is that the Lync Server Control Panel and Remote Windows PowerShell cannot modify users who belong to protected security groups (for example, the Domain Admins group). To manage users in the Domain Admins group, use the Lync Server Management Shell and log on using a Domain Admins account. There are other possible causes. For details, see Lync Server 2010 Help.
Solutions
From dsa.msc (Active Directory Users & Computers) make sure that you are viewing advanced features; from the view menu select Advanced Features.
Find the user in question, edit the users properties, click the security tab, then click advanced. You need to tick the “Include inheritable permissions from this object’s parent” tick box to re propagate the required permissions.
Retry any Lync user changes and this time they should be successful.
No comments:
Post a Comment