locked
Exchange 2010 Mailbox Move or Delete Error INSUFF_ACCESS_RIGHTS RRS feed

  • General discussion


  • Active Directory operation failed on *DomainController*. This error is not retriable. Additional information: Insufficient access rights to perform the operation.

    Hi;

    We came across an error today when we were trying to move a mailbox from Exchange 2007 onto Exchange 2010 or Exchange 2010 mailbox delete which was stopping us moving the mailbox.


    Error: 

    Active Directory operation failed on *DomainController*. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
    Active directory response: 00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

    The user has insufficient access rights.

    Exchange Management Shell command attempted:
    ’*OUStructure*’ | New-MoveRequest -TargetDatabase ‘Mailbox Database 1985885663′ -BadItemLimit ‘-1′

     

    Resolution 1

     Open Active Directory Users and Computers

    • Find the user of which the mailbox move caused the error
    • Open up the properties of this user and go to the security tab (if this is not available, choose view and then advanced features in the AD users and computers MMC)
    • Click on [Advanced]
    • Activate the checkbox “Include inheritable permissions from this object’s parent” and then click [OK] twice.

     

    Resolution 2 : If you are using Office Communicator. The following actions will resolve your question


    • Open Run
    • Adsiedit.msc
    • User properties
    • RTC values check
    • Clear RTC Values
    OCS RTC Active Directory operation failed on *DomainController*. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
    Friday, March 23, 2012 8:50 PM

All replies

  • Do you have a question then?

    As the inherit permissions is the usual cause. It isn't a live permission change because of the way that Exchange caches permissions, so if you made that change and then tried it again immediately, it wouldn't work.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    Sunday, March 25, 2012 12:32 PM
  • Follow these steps and try aganin.

    1. Find the user of which the mailbox move caused the permission error.
    2. Open up the properties of this user and go to the security tab (if this is not available, choose view and then advanced features in the AD users and computers MMC).
    3. Click on [Advanced].
    4. Activate the checkbox Include inheritable permissions from this objects parent and then click [OK] twice.

    Fahad AlSumairi

    Saturday, May 26, 2012 9:52 AM
  • Follow these steps and try aganin.

    1. Find the user of which the mailbox move caused the permission error.
    2. Open up the properties of this user and go to the security tab (if this is not available, choose view and then advanced features in the AD users and computers MMC).
    3. Click on [Advanced].
    4. Activate the checkbox Include inheritable permissions from this objects parent and then click [OK] twice.

    Fahad AlSumairi

    This worked for my issue perfectly. 
    Wednesday, August 6, 2014 1:44 PM
  • Is there a way to automate this?  I want to recreate the monitoring mailboxes but there are 22 HealthMailboxGUID accounts in ADUC and shift select all does not allow me to enable inheritance on all of them.

    Tuesday, December 9, 2014 3:37 PM