Attempting to enable a user for Microsoft Lync Server 2010 throws the error: “Enable-CsUser : Cannot move legacy user in enable operation. Use the Move user cmdlet instead.”

Problem

I recently deployed Microsoft Lync Server 2010 in a small environment and was told that Microsoft LCS and OCS was never deployed so I went ahead and treated the environment as a greenfield but as soon as I began to enable users for Lync, I noticed that some users would throw the following error when I try to enable them in PowerShell:

PS C:\Users\tluk-admin> enable-csuser -identity domain.local\dtrott -registrarpool ly
ncpool01.domain.local -sipaddresstype samaccountname -sipdomain domain.com
Enable-CsUser : Cannot move legacy user in enable operation. Use the Move user
cmdlet instead.
At line:1 char:14
+ enable-csuser <<<<  -identity domain.local\dtrott -registrarpool lyncpool01.ccs.in
t -sipaddresstype samaccountname -sipdomain domain.com
    + CategoryInfo          : InvalidOperation: (:) [Enable-CsUser], InvalidOp
   erationException
    + FullyQualifiedErrorId : ProcessRecord,Microsoft.Rtc.Management.AD.Cmdlet
   s.EnableOcsUserCmdlet

PS C:\Users\tluk-admin>

As some of you have already guessed, the reason why I am getting this error is because the user I was trying to enable for Lync was at one point enabled for Microsoft OCS and therefore the Enable-CsUser cmdlet is recommending that I try using the cmdlet to move a legacy user instead.  It would have been easy to get these users over if the old OCS environment still existed but that wasn’t the case for this organization.

Solution

What I ended up doing was to open up adsiedit.msc, navigate to the user’s object, open the properties, and removing or setting the following attributes to “<not set>” and “0”:

1. msRTCSIP-ArchivingEnabled
2. msRTCSIP-FederationEnabled
3. msRTCSIP-InternetAccessEnabled
4. msRTCSIP-OptionFlags
5. msRTCSIP-PrimaryHomeServer
6. msRTCSIP-PrimaryUserAddress
7. msRTCSIP-UserEnabled

Here’s an example of a user who still had legacy OCS attributes populated for their account:

Here’s an example of a user account that had the legacy OCS attributes removed:

I’d have to say that while this solution works, it properly doesn’t scale well if you had more than 50 users in the organization so if you fall into that situation, I would suggest that you make an attempt to script the procedure for everyone in Active Directory (make sure you run the script before you enable anyone for Lync).