none
while removing mailbox getting bellow error on ms exchange 2020

    Question

  • hi

    in our environment ms exchange 2010 single domain and single forest

    while deleting mailbox i m getting bellow error message 

    Microsoft Exchange Error
    --------------------------------------------------------
    Action 'Remove' could not be performed on object 'Pravin Warang'.

    Pravin Warang
    Failed
    Error:
    Active Directory operation failed on SJKTSADC01.APPServer.local. This error is not retriable. Additional information: Access is denied.
    Active directory response: 00000005: SecErr: DSID-031520B2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0


    The user has insufficient access rights.




    --------------------------------------------------------
    OK
    -------------------------------------

    Please guide me to resolved this error

    Monday, May 28, 2012 6:36 AM

All replies

  • Hello

    The error seems to be permission issue by which account you are trying to remove the mailbox 

    can you post the Event id from application logs


    Thanks Mouzzam Hussain Visit to my Blog mouzzamh.wordpress.com

    Monday, May 28, 2012 7:20 AM
  • Are you able to disable this mailbox?
    Run this command to remove the mailbox and post the update

    Remove-Mailbox -Identity contoso\john

    What is the Service Pack level you are running on exchange?


    Gulab Prasad,
    My Blog | Z-Hire Employee Provisioning App

    Monday, May 28, 2012 8:53 AM
  • On Mon, 28 May 2012 06:36:02 +0000, chandrakantR wrote:
     
    >in our environment ms exchange 2010 single domain and single forest
    >
    >while deleting mailbox i m getting bellow error message
    >
    >Microsoft Exchange Error -------------------------------------------------------- Action 'Remove' could not be performed on object 'Pravin Warang'. Pravin Warang Failed Error: Active Directory operation failed on SJKTSADC01.APPServer.local. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-031520B2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 The user has insufficient access rights. -------------------------------------------------------- OK -------------------------------------
    >
    >Please guide me to resolved this error
     
    You're not just disconnecting the mailbox, you're also deleting the AD
    user. It looks to me as if you don't have permission to do that.
     
    If you only want to disconnect the maibox use the "disable-mailbox"
    cmdlet.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Monday, May 28, 2012 3:00 PM
  • If you have AD administrator permissions it may be the the AD object does not have "Inherit permissions" ticked - Security tab -> Advanced.

    Steve

    Monday, May 28, 2012 4:14 PM
  • thanks for your reply please see the bellow event log error

    Log Name:      Application
    Source:        MSExchange Configuration Cmdlet - Remote Management
    Date:          5/29/2012 4:43:18 PM
    Event ID:      4
    Task Category: General
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      SJKMAILSERVER.APPServer.local
    Description:
    (PID 7936, Thread 27) Task Remove-Mailbox writing error when processing record of index 0. Error: Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on SJKDC01.APPServer.local. This error is not retriable. Additional information: Access is denied.
    Active directory response: 00000005: SecErr: DSID-031520B2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
     ---> System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.
       at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
       at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, IAccountingObject budget)
       at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
       --- End of inner exception stack trace ---
       at Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
       at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
       at Microsoft.Exchange.Data.Directory.ADSession.Delete(ADObject instanceToDelete, Boolean enableTreeDelete)
       at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientSession.Microsoft.Exchange.Data.IConfigDataProvider.Delete(IConfigurable instance)
       at Microsoft.Exchange.Configuration.Tasks.RemoveTaskBase`2.InternalProcessRecord()
       at Microsoft.Exchange.Management.RecipientTasks.RemoveMailboxBase`1.InternalProcessRecord()
       at Microsoft.Exchange.Management.RecipientTasks.RemoveMailbox.InternalProcessRecord()
       at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="MSExchange Configuration Cmdlet - Remote Management" />
        <EventID Qualifiers="49152">4</EventID>
        <Level>2</Level>
        <Task>1</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2012-05-29T11:13:18.000000000Z" />
        <EventRecordID>119305</EventRecordID>
        <Channel>Application</Channel>
        <Computer>SJKMAILSERVER.APPServer.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data>7936</Data>
        <Data>27</Data>
        <Data>Remove-Mailbox</Data>
        <Data>0</Data>
        <Data>Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on SJKDC01.APPServer.local. This error is not retriable. Additional information: Access is denied.
    Active directory response: 00000005: SecErr: DSID-031520B2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
     ---&gt; System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.
       at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
       at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, IAccountingObject budget)
       at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
       --- End of inner exception stack trace ---
       at Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
       at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
       at Microsoft.Exchange.Data.Directory.ADSession.Delete(ADObject instanceToDelete, Boolean enableTreeDelete)
       at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientSession.Microsoft.Exchange.Data.IConfigDataProvider.Delete(IConfigurable instance)
       at Microsoft.Exchange.Configuration.Tasks.RemoveTaskBase`2.InternalProcessRecord()
       at Microsoft.Exchange.Management.RecipientTasks.RemoveMailboxBase`1.InternalProcessRecord()
       at Microsoft.Exchange.Management.RecipientTasks.RemoveMailbox.InternalProcessRecord()
       at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()</Data>
        <Data>{abfb3266-2c62-4301-b445-0337226c8bfa}</Data>
      </EventData>
    </Event>

    also i had give admin permission to this user but still i am facing this problem

    thanks regards,

    Chandrakant

    Tuesday, May 29, 2012 11:58 AM
  • Did you check Inheritance block on the user?

    Gulab Prasad,
    My Blog | Z-Hire Employee Provisioning App

    Tuesday, May 29, 2012 12:00 PM
  • yes , i am able to disable this mailbox also tried to remove mailbox from power shell command but it is not working 
    Tuesday, May 29, 2012 12:00 PM
  • Hi ,

    Do you do any action on DC ?

    And test if you can delete or operate other user.

    It seems to can’t find the DC and remote operate it.

    The following article for your reference.

    XADM/Exch2010/ Exchange EMC cannot access the AD configuration data:

    http://support.microsoft.com/kb/2019500

    Set AdServerSettings:

    http://support.microsoft.com/kb/977960


    Wendy Liu

    TechNet Community Support




    Monday, June 04, 2012 2:12 AM
    Moderator
  • thanks for your reply but i think it works with ms exchange 2010 enterprise only and we are using 2010 std.

    while removing mailbox from EMC Event generated in application is bellow

    Log Name:      Application
    Source:        MSExchange Configuration Cmdlet - Remote Management
    Date:          6/4/2012 4:26:50 PM
    Event ID:      4
    Task Category: General
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      SJKMAILSERVER.APPServer.local
    Description:
    (PID 18528, Thread 23) Task Remove-Mailbox writing error when processing record of index 0. Error: Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on SJKTSADC01.APPServer.local. This error is not retriable. Additional information: Access is denied.
    Active directory response: 00000005: SecErr: DSID-031520B2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
     ---> System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.
       at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
       at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, IAccountingObject budget)
       at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
       --- End of inner exception stack trace ---
       at Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
       at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
       at Microsoft.Exchange.Data.Directory.ADSession.Delete(ADObject instanceToDelete, Boolean enableTreeDelete)
       at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientSession.Microsoft.Exchange.Data.IConfigDataProvider.Delete(IConfigurable instance)
       at Microsoft.Exchange.Configuration.Tasks.RemoveTaskBase`2.InternalProcessRecord()
       at Microsoft.Exchange.Management.RecipientTasks.RemoveMailboxBase`1.InternalProcessRecord()
       at Microsoft.Exchange.Management.RecipientTasks.RemoveMailbox.InternalProcessRecord()
       at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="MSExchange Configuration Cmdlet - Remote Management" />
        <EventID Qualifiers="49152">4</EventID>
        <Level>2</Level>
        <Task>1</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2012-06-04T10:56:50.000000000Z" />
        <EventRecordID>123978</EventRecordID>
        <Channel>Application</Channel>
        <Computer>SJKMAILSERVER.APPServer.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data>18528</Data>
        <Data>23</Data>
        <Data>Remove-Mailbox</Data>
        <Data>0</Data>
        <Data>Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on SJKTSADC01.APPServer.local. This error is not retriable. Additional information: Access is denied.
    Active directory response: 00000005: SecErr: DSID-031520B2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
     ---&gt; System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.
       at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
       at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, IAccountingObject budget)
       at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
       --- End of inner exception stack trace ---
       at Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
       at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
       at Microsoft.Exchange.Data.Directory.ADSession.Delete(ADObject instanceToDelete, Boolean enableTreeDelete)
       at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientSession.Microsoft.Exchange.Data.IConfigDataProvider.Delete(IConfigurable instance)
       at Microsoft.Exchange.Configuration.Tasks.RemoveTaskBase`2.InternalProcessRecord()
       at Microsoft.Exchange.Management.RecipientTasks.RemoveMailboxBase`1.InternalProcessRecord()
       at Microsoft.Exchange.Management.RecipientTasks.RemoveMailbox.InternalProcessRecord()
       at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()</Data>
        <Data>{90db0dd8-52e5-4ced-9da5-91135b4552d9}</Data>
      </EventData>
    </Event>

    Please above event log and guide me how to resolved this

    Regards,

    Chandrakant Redkar

    Monday, June 04, 2012 11:07 AM
  • As I asked before, did you checked Inheritance blocked on the mailbox?


    Gulab Prasad,
    My Blog | Z-Hire Employee Provisioning App

    Monday, June 04, 2012 11:16 AM
  • Thanks for the posted Gulab. I was having the same issue and I enable the Inheritance Permissions and worked! I was able to removed the object from Exchange as well AD.
    Monday, September 24, 2012 4:04 PM
  • Hi Christian,

    Run following command to check AD & mailbox permission.
    Get-MailboxPermission -Identity <MailboxIdParameter> [-Credential <PSCredential>] [-DomainController <Fqdn>] [-ReadFromDomainController <SwitchParameter>] [-ResultSize <Unlimited>] [-User <SecurityPrincipalIdParameter>]

    Get-ADPermission -Identity <ADRawEntryIdParameter> [-DomainController <Fqdn>] [-User <SecurityPrincipalIdParameter>]

    Run following command to check AD & mailbox permission.
    And then check the inheritance Permissions has been enabled or not to fix the issue.


    ***Don't forget to mark helpful or answer***

    Monday, September 24, 2012 7:31 PM
  • Also  do check if user account has a setting "Protect object from accidental deletion"

    Find user account in ADUC

    On the View Click on Advance futures , click on object tab and clear the check mark where it says “Protect object from accidental deletion”


    ***Don't forget to mark helpful or answer***

    Monday, September 24, 2012 7:34 PM
  • delete user from AD

    disable email id from MS (will give error)

    create the same user again in the same OU with the same username

    close MS exchange interface

    open it again

    the email id will be shifted to disabled emails

    locate the email and right click -> connect

    ENTER : choose existing user (then choose the user)

    ENTER: alias (same as before)

    next finish

    no error must happen

    i hope it will work fine
    Monday, August 12, 2013 12:50 PM
  • Hello  you can try it :

    Log into your Domain controller and follow the steps below

    • Click Start type ADUC (dsa.msc) 
    • On the View Click on Advance futures , click on object tab and clear the check mark where it says “Protect object from accidental deletion”
    • Try to delete again, you should be fine.

    Tell me if these steps solve your ussue

    Friday, September 27, 2013 10:59 AM
  • I had a similar issue where I couldn't delete the user account from Exchange... looked around and found this brilliant article..

    and it includes screenshots :-)

     

    http://blog.nick.mackechnie.co.nz/post/2009/11/20/Exchange-2010-Active-Sync-Issue.aspx

    Wednesday, October 02, 2013 5:57 AM
  • Which still begs the question: is inheritance blocked on the AD user object, or is "Protect object from accidental deletion" enabled on the user object?

    Until that question is answered the problem remains "insufficiently defined".


    --- Rich Matheisen MCSE&I, Exchange MVP

    Wednesday, October 02, 2013 9:57 PM