While it is not recommended to enable privileged accounts (e.g. Domain Admins) for Lync or Exchange, sometimes it is needed.
By default, Lync blocks the option when trying to enable a Domain Admin from the Lync Control Panel. In my example, I am enabling the Administrator account. I receive the following error:
Active Directory operation failed on <DC server name>. You cannot retry this operation: “Insufficient access rights to perform the operation…..”
The error is pretty explanatory. So to test out the solution in the error, we should try enabling the privileged account by:
- Logging into server as a member of the Domain Admins group
- Enabling the user using the Lync Management Shell (LMS)
So trying again from the Lync Management Shell:
Enable-CsUser Administrator –SipAddressType SamAccountName –SipDomain twhlab.com –RegistrarPool pool.twhlab.com
The command runs successfully and now the Administrator account is enabled for Lync.
Enabling privileged accounts must be performed from the Lync Management Shell.