Cannot disable mailbox in Exchange 2010

Hi.  I'm having a problem disabling a mailbox on Exchange 2010 SP1.  The mailbox is my own and I am a domain admin.  Other domain admins are not seeing this problem.  The error is:

Active Directory operation failed on <domain controller>.  This error is not retriable.  Additional information: In sufficient access rights to perform the operation.  Active Directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0.  The user has insufficient rights.  

I have already attempted to restore inherited rights to the AD account.  Other advice?
mptcmanageAsked:
Who is Participating?
 
mptcmanageAuthor Commented:
A coworker of mine found the answer.  The following is a quotation from the article he referenced.  I do not have a URL.

I had the same problem, and even with the checkbox checked it wouldn't work.  The answer was that a key permission was missing, even on the parent OU.  The error about a user not having permission is NOT referring to YOU.  The action is being performed by the Exchange Enterprise Servers group (specifically the Exchange server handling the move request).  
Make sure the Exchange Enterprise Servers group has the permissions for the following:
   - (Object tab) List Contents [Allow]
   - (Properties tab) Read Display Name [Allow]
   - (Properties tab) Write Display Name [Allow]
   - (Properties tab) Read Exchange Information [Allow]
   - (Properties tab) Write Exchange Information [Allow]
   - (Properties tab) Read Personal Information [Allow]
   - (Properties tab) Write Personal Information [Allow]
   - (Properties tab) Read Public Information [Allow]
   - (Properties tab) Write Public Information [Allow]
I was missing the Read/Write Exchange Information on a few users (don't know why), but after adding the ACLs back in it worked for everyone.
0
 
JanStoopsCommented:
Using adsi edit compare the administrator accounts?
0
 
mattconroyCommented:
Are you an Org Admin for Exchange 2010?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
jar3817Commented:
Just because you're a domain admin doesn't mean you can do anything you want to the exchange database. Check the permissions on the mailstore and add yourself if necessary.
0
 
mptcmanageAuthor Commented:
I don't think this has anything to do with my administrative privileges.  I can do other administrative functions in Exchange, including disabling other mailboxes.  I just can't disable this one mailbox.
0
 
JanStoopsCommented:
Using EMS: get-mailboxpermission -identity <mailboxname>
0
 
mptcmanageAuthor Commented:
I implicitly added me to the mailbox.

Identity             User                 AccessRights                                                IsInherited Deny
--------             ----                 ------------                                                ----------- ----
college.mptc.tech... COLLEGE\jloomans     {FullAccess}                                                False       False


Still cannot disable the mailbox.
0
 
jar3817Commented:
Not sure if it matters....but does someone have this mailbox open currently?
0
 
mptcmanageAuthor Commented:
Nope.  Mailbox is closed.
0
 
AmitIT ArchitectCommented:
Restart Exchange Server and see, if you are able to disable it
0
 
teomcamCommented:
Did you try to run Management Shell in elevated mode?
0
 
AmitIT ArchitectCommented:
Thanks for Sharing.
0
 
mptcmanageAuthor Commented:
Found the answer ourselves.
0
 
ITdeskCommented:
I had a problem removing a user via the EMC & the solution was:
"Restore defaults" from Advanced Security Settings in the AD'S user object.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.