It goes without saying we all setup our environments with separate user and administrative accounts, but lets just say we wanted to enabled a member of a protected domain security group.
Using the Lync 2010 Server Control Panel you will receive the following error:
Active Directory operation failed on "dc01.exchangegeek.com". You cannot retry this operation: "Insufficient access rights to perform the operation"
We simply have to use PowerShell, which we are all using anyway, to administer members of protected domain security groups.
Enable-CsUser -Identity "daniel.noakes" -RegistrarPool "se01.exchangegeek.com" -SipAddressType EmailAddress -SipDomain exchangegeek.com
Daniel Noakes