When adding a new Lync-enabled user in the Lync Control Panel, you may see the following error message.
Active Directory operation failed on "DC01.MYDOMAIN.COM". You cannot retry this operation: "Insufficient access rights to perform the operation 00002098, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0".
This is due to permissions on the user object in Active Directory. Although you may have full Enterprise access, you will still fail to add new users. This can be fixed with the steps below.
Open Active Directory Users and Computers
Click View and select Advanced Features
Right-click the user that you cannot add to Lync and select Properties
Select Security and click Advanced.
Tick Include inheritable permissions from this object’s parent
Click OK, then click OK again
Try to add the user again… it works.
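
The same check and fix can be scripted in PowerShell. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed, and `jdoe` is a placeholder account name. It also reports `adminCount`, because accounts protected by AdminSDHolder get inheritance switched off again by SDProp.

```powershell
# Added example: audit and re-enable ACL inheritance on an AD user object.
# Requires the RSAT ActiveDirectory module (it provides the AD: drive).
Import-Module ActiveDirectory

function Get-UserInheritanceState {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName -Properties adminCount
    $acl  = Get-Acl -Path ("AD:\" + $user.DistinguishedName)

    [pscustomobject]@{
        SamAccountName      = $user.SamAccountName
        DistinguishedName   = $user.DistinguishedName
        # True means "Include inheritable permissions" is unticked
        InheritanceDisabled = $acl.AreAccessRulesProtected
        # adminCount = 1 marks an account managed by AdminSDHolder;
        # SDProp turns inheritance off again on such accounts
        AdminCount          = $user.adminCount
    }
}

function Enable-UserInheritance {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$SamAccountName)

    $state = Get-UserInheritanceState -SamAccountName $SamAccountName
    if (-not $state.InheritanceDisabled) {
        Write-Verbose "$SamAccountName already inherits permissions"
        return $state
    }
    if ($state.AdminCount -eq 1) {
        Write-Warning "$SamAccountName has adminCount=1; review its group membership first"
    }

    $path = "AD:\" + $state.DistinguishedName
    $acl  = Get-Acl -Path $path
    # isProtected = $false re-enables inheritance; the second argument
    # is ignored when isProtected is $false
    $acl.SetAccessRuleProtection($false, $true)
    if ($PSCmdlet.ShouldProcess($state.DistinguishedName, 'Enable ACL inheritance')) {
        Set-Acl -Path $path -AclObject $acl
    }
    Get-UserInheritanceState -SamAccountName $SamAccountName
}

# Report first, then preview the change (jdoe is a placeholder)
Get-UserInheritanceState -SamAccountName 'jdoe'
Enable-UserInheritance -SamAccountName 'jdoe' -WhatIf
```

Drop `-WhatIf` to apply the change once the report shows `InheritanceDisabled` as `True` for the affected user.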