GPPSD2357
asked on
Error when moving Mailbox from Exchange 2003 to 2010
Getting the following message when I try to movea mailbox from 2003 2010. I am lokked in as thee domain administrator.
Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:02
GPAT Test
Failed
Error:
Active Directory operation failed on MyDomain.GPPSD.ab.ca. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
Exchange Management Shell command attempted:
'MyDomain.ab.ca/Windows 7 Security Guide EC Client OU/Department OU/Windows Windows 7 Users OU/GPAT Test' | New-MoveRequest -TargetDatabase 'GPPSDSTAFF'
Elapsed Time: 00:00:02
Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:02
GPAT Test
Failed
Error:
Active Directory operation failed on MyDomain.GPPSD.ab.ca. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
Exchange Management Shell command attempted:
'MyDomain.ab.ca/Windows 7 Security Guide EC Client OU/Department OU/Windows Windows 7 Users OU/GPAT Test' | New-MoveRequest -TargetDatabase 'GPPSDSTAFF'
Elapsed Time: 00:00:02
You don't have the appropriate permissions.
Set up a new user and give it full access to all mailboxes as per this guide: http://support.microsoft.com/kb/821897
Then login using this user and move the mailboxes again.
Set up a new user and give it full access to all mailboxes as per this guide: http://support.microsoft.com/kb/821897
Then login using this user and move the mailboxes again.
Domain Admins cannot access Exchange 2003 mailboxs by default. Microsoft explicity denys read write access for Domain Admins (AD), Enterprise Admins (AD) Administrator (local), Exchange Administrator role (Exchange), and Exchange Full Administrator role (Exchange).
Try to create a mail recovery user (AD User account) and grant that user Exchange Administrator role. Login with that user and run the mailbox migration again.
Try to create a mail recovery user (AD User account) and grant that user Exchange Administrator role. Login with that user and run the mailbox migration again.
Check the users properties in AD and make sure inherit permission is checked.
And also the OU in which the mailbox user is, Exchange Server group shoud have write permission.
1) Open Active Directory Users and Computers.
2) Navigate to the problematic OU where user is
(3) Right the OU click properties,click security tab
4) Select Exchange server group and enable "write" permissions and click advanced
5) Under Advanced security settings window,select the "Exchange server" goup and
click edit to apply "This objects and all descendant objects"
6) Click ok .
And also the OU in which the mailbox user is, Exchange Server group shoud have write permission.
1) Open Active Directory Users and Computers.
2) Navigate to the problematic OU where user is
(3) Right the OU click properties,click security tab
4) Select Exchange server group and enable "write" permissions and click advanced
5) Under Advanced security settings window,select the "Exchange server" goup and
click edit to apply "This objects and all descendant objects"
6) Click ok .
Please verify your permissions as Narayan suggests as its what I was eluding to. That should certainly allow you to do whatever you need to do (migrate, restore, access, etc).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You could create a new user and add him as a member to the mail administrators so you can avoid editing the deny permissions on the current Domain Administrator account.
Also, please make sure the user in question is not disabled within AD.