Issue: Unable to provision for Lync, getting error message “Insufficient access rights to perform the operation”
Problem Statement:
This is a known and common issue with Domain Administrators or Enterprise Administrators. The user account that is part of the Lync Server move or enable operation is a member of an Active Directory, directory service protected domain security group. Since the user account belongs to a protected domain security group it is unable to keep the RTCUniversalUserAdmins and RTCuniversalUserReadOnlyGroup Universal Security groups and their permissions as Access Control Entries (ACEs) to the protected domain security group's default Access Control List (ACL).
NOTE: The Lync Server Control Panel is not designed to delegate the permissions that are needed to complete the user account move or enable operation for power user.
Also provision Lync for power (Domain Admin and Enterprise Admin), you should have same access addition RTCUniversalServerAdmin and RTCUniversalUserAdmin privilege.
Resolution:
Follow the below steps in order to resolve above issue-
1. Open AD Users and Computers and turn on Advanced Features on in ADUC. (ADUC -> Views -> Advanced Feature)
2. Locate the user that is a Domain Admin or Enterprise Admin, select the Security tab, clickAdvanced and select "Include Inheritable Permissions from this object's parent" on the user object you then be able to add them for Lync.
3. Got to Lync Server, Open Lync server Management Shell. Type command to enable user for Lync. E.g.
4. Verify the user status. e.g.
PS C:\> Get-CsUser -Identity "BaluIlag"
You will see the exact status with SIP address and your RegistrarPool server.
Thank you.
No comments:
Post a Comment