The CCS fields such as  "Password Expires? (effective)" and "Password: Days to Expiration" are giving output as "[Insufficient Rights]".

The expected output for "Password Expires? (effective)" is TRUE/FALSE.

The expected output for "Password: Days to Expiration" are integer values representing number of days.

The local security policy on the Domain Controller(s) has been enabled.

Network access: Restrict clients allowed to make remote calls to SAM

In the local security policy you need to add in the credential(s) configured for collecting data from domain controllers.

Edit the 'Network access: Restrict clients allowed to make remote calls to SAM' and add in configured credentials.

Once this is done the queries will now return the correct data.