Joe, one of our Lync engineers, came to me the other day with a story. He’d run up against an error while moving a few users from an OCS 2007 R2 pool into a new Lync Server pool.
The error looked like this:
Image credit to ShyIT.WordPress.com (linked below)
Lync claimed he didn’t have sufficient access rights to perform the update. Even if you try to force it, the user update won’t go through.
Turns out the solution is pretty easy. Joe found it on the ShyIT Blog.
Lync 2010 Move User – 1 Error(s) Failed While Updating Destination pool :: www.ShyIT.co.uk
The problem isn’t strictly a Lync bug. It’s more of a bug in how Lync Server communicates with Active Directory.
If a user is in a protected Active Directory group, AD removes security inheritance for its account. Lync can’t move that user into its own pools without security inheritance. It must be re-enabled.
Re-Enable Security Inheritance, and Lync Server Welcomes the User
To correct the error and have Lync allow OCS users to upgrade into its user pools, you’ll need to modify that user’s Active Directory security permissions. Here’s how.
- Open Active Directory Users and Computers.
- Click “View” and navigate to “Advanced Features.” These must be enabled before you proceed. They probably are, but if not, enable them.
Done! This re-applies the user’s security inheritance. Lync takes it as new, and lets the user on through.
Have you encountered this error? Or another error with upgrading users from OCS 2007 to Lync 2010? Email me, or leave a comment. I’d like to hear what you did!
Heads up; next week I’ll have a short Q&A post, since it’s Thanksgiving week. We had a question about sending Lync phone numbers via email. See you back here next week.