Symptoms
Consider the following scenario. You have Microsoft Office Communications Server 2007, Microsoft Office Communications Server 2007 R2 or Microsoft Lync Server 2010 deployed in a Microsoft Exchange Server 2010 environment. You try to disable or remove a mailbox on an Exchange Server 2010 server. In this scenario, the operation fails, and you receive the following error message:
Action 'Disable' could not be performed on object 'FirstName, LastName'.
FirstName, LastName Failed Error: Active Directory operation failed on Server.domain.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-XXXXXXXX, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0Cause
This issue occurs because the Exchange Server 2010 Mailbox server cannot clear the value of the msRTCSIP-Line attribute. Therefore, access is denied when you try to disable or remove a mailbox.
Resolution
To resolve this issue, install the following update rollup:
2645995 Description of Update Rollup 1 for Exchange Server 2010 Service Pack 2
Workaround
To work around this issue, manually clear the value from the msRTCSIP-Line attribute by using the Active Directory Service Interfaces Editor (ADSI Edit).
Note This is also known as AdsiEdit.msc.Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More Information
For more information about the msRTCSIP-Line attribute, visit the following Microsoft website, and then scroll down to the "Primary Phone Number" term:
General information about the msRTCSIP-Line attributeFor more information about how to edit Active Directory attributes by using the ADSI Edit tool, visit the following Microsoft website:
How to edit Active Directory attributes by using the ADSI Edit tool