Last few days and nights, I am working hard on the Lync Server with Edge and Director because Lync Server is new toy to me and manage to work it all.. I will share this to you all.
I have funny thing done last few hours. I was creating a new policy for External Access policy and applied to users in my lab environment. Then, some users are already applied to the External Access Policy but some are not. I noticed that the failure users are member of domain admin. Here is the image or screenshot of failure below:
Active Directory Operation failed on “dc.yourdomain.com” You cannot retry this operation: “Insufficient access rights to perform the operation 0002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF,ACCESS_RIGHT), data 0.”
You do not have the appropriate permissions to perform this operation in Active Directory. One Possible cause is that the Lyn Server Control Panel and Remote Windows PowerShell cannot modify users who belong to protected security groups (for example,
the Domain Admins groups). To manage users in the Domain Admin group, user the Lync Server Management Shell and log on using Domain Admins account. There are other possible causes. For details, see Lync Server 2010 Help.
Solution to this matter is to enable the “include inheritable permissions from this object’s parent”
Step 1:Open Active Directory for Users and Computers. Click On View Menu and select Advanced Features.
Step 2: Click a User which are member of domain admin. for example, Administrator. Right-click and click Properties.
Step 3: Go to Security Tab and click on Advanced button below:
Step 4: On Permission Tab, on lower below, click on “Include Inheritable Permission to include from this object’s parent