When trying to move a user to a new Lync pool within the Lync Server Control Panel you may receive the error below:
1 Error(s) – Failed while updating destination pool.
If you select the “Force” check box, you receive a different error:
This error occurs when the user is a member (or has previously been a member) of a protected Active Directory group (e.g. Domain Admins). When a user is a member of a protected AD group, AD automatically removes security inheritance for that user. To be able to move the user in Lync, you need to re-apply security inheritance on the user's account.
- Open Active Directory Users and Computers (ensure advanced features are visible: “View – Advanced Features”)
- Open the user account properties for the user you want to move
- Open the “Security” tab
- Click the “Advanced” button
- Check “Allow inheritable permissions from the parent to propagate to this object and all child objects”
- Click “Apply”
You should now be able to move the user to a new Lync 2010 pool. The AD AdminSDHolder will remove the inheritance from this user again, so you need to move the user straight away.
I encountered this error when moving users from an OCS 2007 R2 pool to a Lync 2010 pool.
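The same check and fix can be scripted. The PowerShell below is an added example, not part of the original post: it reports whether inheritance is disabled on the account and which protected groups the user is in right now, then re-enables inheritance. It assumes the ActiveDirectory module is installed; the function names and the account name 'jdoe' are hypothetical.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-UserInheritanceState {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $user = Get-ADUser -Identity $SamAccountName -Properties adminCount
    $acl  = Get-Acl -Path "AD:\$($user.DistinguishedName)"
    # Protected groups the user is in right now, nested membership included
    # (LDAP_MATCHING_RULE_IN_CHAIN). Assumes the DN has no characters that need
    # LDAP filter escaping; primary-group membership is not covered by 'member'.
    $filter = "(&(adminCount=1)(member:1.2.840.113556.1.4.1941:=$($user.DistinguishedName)))"
    $groups = @(Get-ADGroup -LDAPFilter $filter | Select-Object -ExpandProperty Name)
    [pscustomobject]@{
        DistinguishedName   = $user.DistinguishedName
        AdminCount          = $user.adminCount
        InheritanceDisabled = $acl.AreAccessRulesProtected
        ProtectedGroups     = $groups
    }
}

function Enable-UserInheritance {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$SamAccountName)
    $state = Get-UserInheritanceState -SamAccountName $SamAccountName
    if (-not $state.InheritanceDisabled) {
        Write-Verbose "Inheritance already enabled on $($state.DistinguishedName)"
        return $state
    }
    if ($state.ProtectedGroups.Count -gt 0) {
        # Current members get their ACL reset again, so the move must follow at once.
        Write-Warning "Still in protected group(s): $($state.ProtectedGroups -join ', ')"
    }
    $path = "AD:\$($state.DistinguishedName)"
    $acl  = Get-Acl -Path $path
    # isProtected = $false turns inheritance back on; the second argument
    # (preserveInheritance) is ignored when isProtected is $false.
    $acl.SetAccessRuleProtection($false, $true)
    if ($PSCmdlet.ShouldProcess($state.DistinguishedName, 'Re-enable ACL inheritance')) {
        Set-Acl -Path $path -AclObject $acl
    }
    # Return the state after the change so the caller can confirm it took effect.
    Get-UserInheritanceState -SamAccountName $SamAccountName
}

# Constructed usage; 'jdoe' is a placeholder account name.
# Enable-UserInheritance -SamAccountName 'jdoe' -WhatIf
```

With inheritance re-enabled, permissions delegated on the parent OU apply to the account again, so review the reported ProtectedGroups before running it against an account that still holds administrative rights.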