KB ID 0000518 Dtd 03/10/11
Seen while trying to enable a user (who is an administrator) On Microsoft Lync.
Active directory operation failed on "Servername". You cannot retry this operation: "Insufficient access rights to perform the operation"
I’m more used to seeing this problem on Exchange server to be honest, it happens because of a system called the AdminSDHolder. Which defines administrative permissions. The proper way to fix this, is to make sure you have a separate account for administrative duties to your user account. However a lot of people still don’t like doing that, for all of those, heres how to get round the problem.
1. On your domain controller > Open Active Directory Users and Computers, and locate a user that you are having a problem with > View > Advanced > Select the security tab > Advanced > Permissions and Put a tick into "Include inheritable permissions from this objects parent" > Apply OK.
2. Try to enable the user again, repeat as necessary for any other users that generate the same error.
Particularly after a migration this can continue to be a problem, you can stop it on a domain wide basis by doing this.
Related Articles, References, Credits, or External Links