I occasionally see this error when attempting to enable a new AD user in Lync:

The usual fix is to find the user object in AD, ensure that permission inheritance is enabled (open the user object in ADUC, go to the Security tab, click on Advanced, then check the “Include inheritable permissions from this object’s parents”) or restore the default permissions. In this case, neither of those actions had any effect. The only way I could enable this user was by logging into the Lync server,opening the Lync Management Shell and running this command:

Enable-CsUser -Identity Joe.User@domain.com -RegistarPool lync.domain.com -SipAddressType UserPrincipalName

I found this solution on Akshat’s blog at TechNet, but the cause in this case is different. I don’t have any subdomains. If I run into the same thing again, I’ll probably put some time into figuring out exactly what was going on with this user. In the meantime, my user is happy.