none
Error - Mailbox move from Exchange 2003 to Exchange 2010

    Question

  • All,

    I have the following is the Exchange Organization structure

    =>ABCCorp
           ||
           \/
            => Exchange2003_Site1
    ||
    \/=> exServer1
            ||
            \/=> Exchange2003_Site2
    ||
    \/=> exServer1
    ||
            \/=> Exchange Administraive Group {FYDIBOHF23SPDLT}
    ||
    \/=> Exch2k7
                      => Serv1 Exchange-2010
     => Serv2 Exchange-2010

    I have mutlti domains AD as per geopgraphic, so every site has seperate domain tree which
    all connected in a forest (ABCCorp.com). In this AD structure we are having exchange 2003 and also exchange 2010/2007 servers and it is working fine.

    Now new AD admin propose new domain structure like single domain tree, so we install new child domain under ABCCorp.com as per geopgraphic area under. with this we have AD1.ABCCorp.com domain in one site and we have
    installed new Exchange 2010 Serv2 under this domain successfully. Also tested all email flow between all exchange servers and it is working fine. I am facing problem for mailbox migration from Exchange 2003 in Exchange2003_Site1 user to new Exch2 - Exchange 2010. I am getting error

    ==============================================
    Username
    Failed

    Error:
    Active Directory operation failed on pundc1.egain.in. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
    Active directory response: 00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

    The user has insufficient access rights.
    Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.2.247.1&t=exchgf1&e=ms.exch.err.Ex6AE46B

    Exchange Management Shell command attempted:
    'Username' | New-MoveRequest -TargetDatabase 'Mailbox Database 1888838064'

    ===============================================

    I have tried - 

    http://www.marcvalk.net/2009/11/error-on-moving-mailbox-to-exchange-2010/ and more such solutions from Google but not succeed.

    Please let me know the solution to resolve this problem. Thanks in Advance.

    Thanks

    Vijay Dalimkar

                                     

    Vijay Dalimkar VCP,MSTS,MCITP,SCSA

    Monday, July 16, 2012 12:00 PM

Answers

  • Went to the properties of one mailbox and checked the security tab
     exchange trusted subsystem may be missing on the user

    Terence Yu

    TechNet Community Support

    • Marked as answer by Vijay Dalimkar Wednesday, July 18, 2012 11:26 AM
    Tuesday, July 17, 2012 6:02 AM
    Moderator

All replies

  • Username
    Failed

    Error:
    Active Directory operation failed on pundc1.egain.in. This error is not retriable. Additional information: Insufficient access rights 

    Hi

    Are you running this with an account that has the correct rights?


    Monday, July 16, 2012 12:05 PM
  • Yes, I used domain admin of domain where exchange 2003 user resides and also used Enterprise administrator user to do "New-MoveRequest task. I am getting same error. 

    Thanks

    Vijay


    Vijay Dalimkar VCP,MSTS,MCITP,SCSA

    Monday, July 16, 2012 12:56 PM
  • Is your account part of Organization Management and Recipient management?

    You can verify this by running: 

    Get-RoleGroupMember "Organization Management"

    Get-RoleGroupMember "Recipient Management"

    Monday, July 16, 2012 1:27 PM
  • Here I used the AD "Enterprise Administrator" user which is part of "Exchange Organisation Administrator" group.  So this account has full rights on all exchange servers in the organisation.

    Thanks
    Vijay


    Vijay Dalimkar VCP,MSTS,MCITP,SCSA

    Tuesday, July 17, 2012 4:48 AM
  • When you introduced Exchange 2010 did you setup legacy permissions?

    setup /preparelegacyexchangepermissions

    Tuesday, July 17, 2012 5:25 AM
  • Went to the properties of one mailbox and checked the security tab
     exchange trusted subsystem may be missing on the user

    Terence Yu

    TechNet Community Support

    • Marked as answer by Vijay Dalimkar Wednesday, July 18, 2012 11:26 AM
    Tuesday, July 17, 2012 6:02 AM
    Moderator
  • As I mentioned earlier I have domain egdomain.mydomain.com in site1 under ABCCorp Forest with exchange 2003 in this domain.

    Now I have introduced  new domain egdomain1.ABCCorp.com in the same site and forest. In this site I have added new Exchange 2010. I do think we have to run the setup /preparelegacyexchangepermissions as there is no legacy exchange in the new domain. But still I have done it (run by using Enterprise admin a/c) but still having issue.

    I have checked the user properties and security tab, there is no "exchange trusted subsystem" group available.

    Could you please let me know what exact rights need to assign to this group on that user? I will do it and test it.

    Thanks
    Vijay



    Vijay Dalimkar VCP,MSTS,MCITP,SCSA

    Tuesday, July 17, 2012 6:50 AM
  • Hi
      ad users and computers->microsoft exchange security groups-> can you find exchange trusted Subsystem?
      If you can find it, please create test user mailbox. Then you can add this permission on it can move it again.
      If you can't find it, you should run preparealldomains to fix the issue.

    Terence Yu

    TechNet Community Support

    Wednesday, July 18, 2012 12:59 AM
    Moderator
  • Thanks Terence

    I have checked it and the "Exchange Trusted Subsystem" is available only in Forest root domain where Schema

    FSMO is available and not in other domains in other sites. But after giving full rights to this group on the user mailbox, I am able to move mailbox successfully. It has resolved my problem. But it is not possible to apply this for every users, so can I apply to OU level so that it will automatically inherit permission from the OU. Please suggest.

    Thanks

    Vijay 


    Vijay Dalimkar VCP,MSTS,MCITP,SCSA

    Wednesday, July 18, 2012 7:00 AM
  • Hi 
       thanks for your update.
       I just test add users into group and assign permission to this group. I think ou will ok nut i never test it.
      

    Terence Yu

    TechNet Community Support

    Wednesday, July 18, 2012 8:21 AM
    Moderator