Few of my customer are still using Skype For Business on their on-premises. Which means time and again they need to change the domain administrator as per need of the organization. So last time when their administrator got change, they faced as issue of not getting enable domain admin with Skype for Business. And they started to face the error as of below:
“Active Directory operation failed on “fqdn”. You cannot retry this operation: “Insufficient access rights to perform the operation 00002098: SecErr: DSID-03150F93, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 “.You do not have the appropriate permissions to perform this operation in Active Directory. One possible cause is that the Skype for Business Server Control Panel and Remote Windows PowerShell cannot modify users who belong to protected security groups (for example, the Domain Admins group). To manage users in the Domain Admins group, use the Skype for Business Server Management Shell and log on using a Domain Admins account. There are other possible causes. For details, see Skype for Business Server 2015 Help.”
It’s because of you don’t have enough access rights change the attribute of these users. If the user is member of Organization management or Domain Admins Group, you will face same issue.
There are two ways to get this issue resolved.
- Remove all the administrative rights of the users and then again try to enable Skype for Business.
Enable Skype For Business using PowerShell Script.
Enable-CsUser -Identity prashant -RegistrarPool "pool.pdhewaju.com.np" -SipAddress sip:firstname.lastname@example.org -SipDomain pdhewaju.com.np
This is all you can do it to Enable Admin users Skype for Business.