If you select the "Force" check box, you receive a slightly different error, Active Directory operation failed on "dc.domain.com". You cannot retry this operation: "Insufficient access rights to perform the operation
This happens when the user you are trying to move is a member of a Windows Builtin group, such as Domain Admins. When a user is a member of one of the special Windows built-in groups, Windows will automatically remove security inheritance on that user. To complete the move, you must reapply inheritance.
- Open Active Directory Users and Computers and locate the user object
- Right-click the user and select Properties
- Click the Security tab and then the Advanced button
- Check the Include inheritable permissions from this object’s parent check box
- Click OK twice and try moving the user to the new Lync pool again
Be aware that Windows will automatically remove the inheritance setting again within a few minutes as long as the user remains a member of the Windows built-in group.