Exchange 2016: Insufficient access rights to perform the operation. Enabling Remote Mailbox.

Published on
3,595 Points
Last Modified:
Shaun Hardneck
Passionate and Experienced IT Professional with experience in Microsoft Exchange Messaging and Office 365 solutions.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.

During an installation and configuration of Exchange 2016 with Hybrid deployment, I come across the error message as shown below when running the cmdlet "Enable-RemoteMailbox"

Error: "Active Directory operation failed on Rock.solid.local. This error is not retriable. Additional information: Insufficient access rights to perform the operation."

In my Exchange 2016 environment, this was no different.  To resolve the issue, I performed the steps outlined below.


  1.   Open the user’s AD object and select the Security tab. This will show the current security configuration of the object.

If you examine the list and compare to a user account that does work properly, you will notice that certain Exchange permissions are either missing or different. In order to fix this, click on the "Advanced" button. 

Then select the check box that reads “Include inheritable permissions from this object’s parent

By having a look at the Advanced Permissions I saw that the "Inherit Permissions " was not "Enabled"


After "Enabling" Inheritance, I ran the same command "Enable-RemoteMailbox" and it completed with out any errors.

I hope the content of this tutorial is helpful to our readers.




Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Join & Write a Comment

Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month