I have hit a large brick wall and have found no solution online for my exact issues. It is time to call in the professionals. Here is a description of my error.
I have a Server 2012R2 Server which has all the prerequisites installed to be able to install as a Lync 2013 Server. I have launched and successfully completed a Schema Prep and checked manually through ADSI Edit. I move on to the Forest Prep and I hit an error. Here are the details from the installation window:
> Prepare Forest
Enable-CSAdForest -GroupDomain capito.local -Verbose -Confirm:$false -Report "C:\Users\Dave.Campbell-ent\AppData\Local\Temp\2\Enable-CSAdForest-[2013_11_04][10_32_51].html"
Creating new log file "C:\Users\Dave.Campbell-ent\AppData\Local\Temp\2\Enable-CSAdForest-4867bff2-c117-4aa2-8bf0-0d0a95280744.xml".
Enable the Active Directory forest to host Lync Server 2013 deployments.
Prepare Forest Active Directory settings execution failed on an unrecoverable error.
Creating new log file "C:\Users\Dave.Campbell-ent\AppData\Local\Temp\2\Enable-CSAdForest-[2013_11_04][10_32_51].html".
WARNING: Enable-CSAdForest failed.
WARNING: Detailed results can be found at "C:\Users\Dave.Campbell-ent\AppData\Local\Temp\2\Enable-CSAdForest-[2013_11_04][10_32_51].html".
Command execution failed: Active Directory operation failed on "*MYDC*". You cannot retry this operation: "Access is denied
00000005: SecErr: DSID-03152610, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
"
At this point, I should mention that I am Domain Admin, Enterprise Admin & Schema Admin. I launch the HTML log and here is the output:
Lync Server 2013 Deployment Log
Action Action Information Time Logged Execution Result
? Enable-CSAdForest Failed
+ ? Get Schema State 04/11/2013 10:32:51 Success
+ Major version: 1150 04/11/2013 10:32:51
+ Minor version: 3 04/11/2013 10:32:51
+ Server schema version: SCHEMA_VERSION_STATE_CURRENT 04/11/2013 10:32:51
+ Mode: SCHEMA_VERSION_STATE_CURRENT 04/11/2013 10:32:51
+ ? Prepare Forest Active Directory settings 04/11/2013 10:32:51 Failed
+ Root domain: *.local. 04/11/2013 10:32:51
+ Root domain: *.local. 04/11/2013 10:32:51
+ Filter: (&((ObjectCategory Equal person)(ObjectClass Equal user)(Sid Equal S-1-5-21-1078081533-527237240-725345543-4500))) 04/11/2013 10:32:51
+ Found 04/11/2013 10:32:51
+ User: CN=Dave Campbell (Ent),OU=Administrators Accounts,OU=IT Resources,OU=Misc,OU=* ,DC=*,DC=local 04/11/2013 10:32:51
+ Group security identifier (SID): S-1-5-21-1078081533-527237240-725345543-519 04/11/2013 10:32:51
+ HasToken: True 04/11/2013 10:32:51
+ Create Active Directory object "Application Contacts". 04/11/2013 10:32:51
+ Create Active Directory object "Global Settings". 04/11/2013 10:32:51
+ Create Active Directory object "Topology Settings". 04/11/2013 10:32:51
+ Schema type: server 04/11/2013 10:32:51
+ Create Active Directory object "Pools". 04/11/2013 10:32:51
+ Create Active Directory object "Trusted Services". 04/11/2013 10:32:51
+ Create Active Directory object "Trusted MCUs". 04/11/2013 10:32:51
+ Create Active Directory object "Trusted WebComponentsServers". 04/11/2013 10:32:51
+ Create Active Directory object "Conference Directories". 04/11/2013 10:32:51
+ Create Active Directory object "RTCPropertySet". 04/11/2013 10:32:51
+ Create Active Directory object "RTCUserSearchPropertySet". 04/11/2013 10:32:51
+ Create Active Directory object "RTCUserProvisioningPropertySet". 04/11/2013 10:32:51
+ Create Groups 04/11/2013 10:32:51
+ Create universal group "RTCUniversalGlobalReadOnlyGroup". 04/11/2013 10:32:51
+ TaskFailed: Task execution failed. 04/11/2013 10:32:51 Error
+ Error: Active Directory operation failed on "*MYDC*". You cannot retry this operation: "Access is denied 00000005: SecErr: DSID-03152610, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 "
? Details
+ Type: ADOperationException
+ ? Stack Trace
+ at Microsoft.Rtc.Management.ADConnect.Session.ADSession.AnalyzeDirectoryError(ADConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.ExecuteModificationRequest(ADObjectBase entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.Save(ADObjectBase instanceToSave, IEnumerable`1 properties)
at Microsoft.Rtc.Management.Deployment.LcForest.DomainPrepCreateAccounts(DOMAIN_ACCTPREP_INFO[] groupsInfo)
at Microsoft.Rtc.Management.Deployment.LcForest.ProcessLcsGroups(LcAction eAction)
at Microsoft.Rtc.Management.Deployment.LcForest.PrepareForest()
+ ? Additional Details
+ Error: The user has insufficient access rights.
? Details
+ Type: DirectoryOperationException
+ ? Stack Trace
+ at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
at Microsoft.Rtc.Management.ADConnect.Connection.ADConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.ExecuteModificationRequest(ADObjectBase entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
04/11/2013 10:32:51 Error
+ TaskFailed: Prepare Forest Active Directory settings execution failed on an unrecoverable error. 04/11/2013 10:32:51
+ TaskFailedResolution: Consult exception information and previous errors for more information on how to resolve this error. 04/11/2013 10:32:51
+ Rollback Groups 04/11/2013 10:32:51
+ Rollback object "RTCUserProvisioningPropertySet". 04/11/2013 10:32:51
+ Rollback object "RTCUserSearchPropertySet". 04/11/2013 10:32:51
+ Rollback object "RTCPropertySet". 04/11/2013 10:32:51
+ Rollback object "ApplicationContacts". 04/11/2013 10:32:51
+ Rollback object "GlobalSettings". 04/11/2013 10:32:51
+ Rollback object "TopologySettings". 04/11/2013 10:32:51
+ Rollback object "Pools". 04/11/2013 10:32:51
+ Rollback object "Trusted Services". 04/11/2013 10:32:51
+ Rollback object "Trusted MCUs". 04/11/2013 10:32:51
+ Rollback object "Trusted WebComponentsServers". 04/11/2013 10:32:51
+ Rollback object "Conference Directories". 04/11/2013 10:32:51
+ Error: Active Directory operation failed on "*MYDC*". You cannot retry this operation: "Access is denied 00000005: SecErr: DSID-03152610, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 "
? Details
+ Type: ADOperationException
+ ? Stack Trace
+ at Microsoft.Rtc.Management.ADConnect.Session.ADSession.AnalyzeDirectoryError(ADConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.ExecuteModificationRequest(ADObjectBase entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.Save(ADObjectBase instanceToSave, IEnumerable`1 properties)
at Microsoft.Rtc.Management.Deployment.LcForest.DomainPrepCreateAccounts(DOMAIN_ACCTPREP_INFO[] groupsInfo)
at Microsoft.Rtc.Management.Deployment.LcForest.ProcessLcsGroups(LcAction eAction)
at Microsoft.Rtc.Management.Deployment.LcForest.PrepareForest()
at Microsoft.Rtc.Management.Deployment.Tasks.ForestPrepareTask.Action()
at Microsoft.Rtc.Management.Internal.Utilities.LogWriter.InvokeAndLog(Action action)
+ ? Additional Details
+ Error: The user has insufficient access rights.
? Details
+ Type: DirectoryOperationException
+ ? Stack Trace
+ at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
at Microsoft.Rtc.Management.ADConnect.Connection.ADConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)
at Microsoft.Rtc.Management.ADConnect.Session.ADSession.ExecuteModificationRequest(ADObjectBase entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
04/11/2013 10:32:51 Error
+ Error: An error occurred: "Microsoft.Rtc.Management.ADConnect.ADOperationException" "Active Directory operation failed on "*MYDC*". You cannot retry this operation: "Access is denied
00000005: SecErr: DSID-03152610, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
"" 04/11/2013 10:32:51 Error
Hopefully someone can shed some light on a really confusing error message. Thanks,
Dave