Sunday, November 7, 2010

Cannot move Lync 2010 user to new pool

You may find that you are unable to move certain users to a new Lync Server 2010 registrar pool.  When you select the user and then choose Move selected users to pool from the Action menu, you enter the Destination Registrar Pool and then receive the error, "Failed while updating the destination pool".


If you select the "Force" check box, you receive a slightly different error: Active Directory operation failed on "dc.domain.com". You cannot retry this operation: "Insufficient access rights to perform the operation".


This happens when the user you are trying to move is a member of a Windows built-in group, such as Domain Admins.  When a user is a member of one of the special Windows built-in groups, Windows will automatically remove security inheritance on that user.  To complete the move, you must reapply inheritance.
  • Open Active Directory Users and Computers and locate the user object
  • Right-click the user and select Properties
  • Click the Security tab and then the Advanced button
  • Check the Include inheritable permissions from this object's parent check box
  • Click OK twice and try moving the user to the new Lync pool again
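The same check and fix can be scripted. The following PowerShell is an added example, not part of the original post: it lists Lync-enabled users whose ACL has inheritance disabled and re-enables inheritance on one named account. It assumes the ActiveDirectory module (RSAT) is installed; the function names and the account name `jdoe` are hypothetical.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory
# module; run with rights to modify permissions on the user object.
Import-Module ActiveDirectory

function Get-LyncUserWithBlockedInheritance {
    # Lync-enabled users have a SIP address in msRTCSIP-PrimaryUserAddress.
    # AreAccessRulesProtected is $true when the "Include inheritable
    # permissions" box is cleared. adminCount = 1 marks accounts that Windows
    # treats as protected because of their group membership.
    Get-ADUser -LDAPFilter '(msRTCSIP-PrimaryUserAddress=*)' `
               -Properties adminCount, nTSecurityDescriptor |
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        Select-Object SamAccountName, DistinguishedName, adminCount
}

function Enable-UserAclInheritance {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Identity
    )

    $user = Get-ADUser -Identity $Identity
    $path = "AD:\$($user.DistinguishedName)"
    $acl  = Get-Acl -Path $path

    if (-not $acl.AreAccessRulesProtected) {
        Write-Output "$Identity already inherits permissions; nothing to change."
        return
    }

    # First argument $false = allow inheritance from the parent again.
    # The second argument is ignored when the first is $false.
    $acl.SetAccessRuleProtection($false, $true)
    Set-Acl -Path $path -AclObject $acl
    Write-Output "Inheritance re-enabled on $Identity; retry the pool move now."
}

# Report every affected Lync user, then fix a single account before moving it.
Get-LyncUserWithBlockedInheritance | Format-Table -AutoSize
Enable-UserAclInheritance -Identity 'jdoe'   # 'jdoe' is a placeholder account
```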
Be aware that Windows will automatically remove the inheritance setting again within a few minutes as long as the user remains a member of the Windows built-in group.

3:36 PM