Solved

Cannot disable mailbox in Exchange 2010

Posted on 2011-02-11
14
2,090 Views
Last Modified: 2012-08-13
Hi.  I'm having a problem disabling a mailbox on Exchange 2010 SP1.  The mailbox is my own and I am a domain admin.  Other domain admins are not seeing this problem.  The error is:

Active Directory operation failed on <domain controller>.  This error is not retriable.  Additional information: In sufficient access rights to perform the operation.  Active Directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0.  The user has insufficient rights.  

I have already attempted to restore inherited rights to the AD account.  Other advice?
0
Comment
Question by:mptcmanage
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +4
14 Comments
 
LVL 3

Expert Comment

by:JanStoops
ID: 34871109
Using adsi edit compare the administrator accounts?
0
 
LVL 6

Expert Comment

by:mattconroy
ID: 34871252
Are you an Org Admin for Exchange 2010?
0
 
LVL 26

Expert Comment

by:jar3817
ID: 34871474
Just because you're a domain admin doesn't mean you can do anything you want to the exchange database. Check the permissions on the mailstore and add yourself if necessary.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:mptcmanage
ID: 34871505
I don't think this has anything to do with my administrative privileges.  I can do other administrative functions in Exchange, including disabling other mailboxes.  I just can't disable this one mailbox.
0
 
LVL 3

Expert Comment

by:JanStoops
ID: 34871548
Using EMS: get-mailboxpermission -identity <mailboxname>
0
 

Author Comment

by:mptcmanage
ID: 34871646
I implicitly added me to the mailbox.

Identity             User                 AccessRights                                                IsInherited Deny
--------             ----                 ------------                                                ----------- ----
college.mptc.tech... COLLEGE\jloomans     {FullAccess}                                                False       False


Still cannot disable the mailbox.
0
 
LVL 26

Expert Comment

by:jar3817
ID: 34871678
Not sure if it matters....but does someone have this mailbox open currently?
0
 

Author Comment

by:mptcmanage
ID: 34871707
Nope.  Mailbox is closed.
0
 
LVL 43

Expert Comment

by:Taurus
ID: 34873673
Restart Exchange Server and see, if you are able to disable it
0
 
LVL 8

Expert Comment

by:teomcam
ID: 34879998
Did you try to run Management Shell in elevated mode?
0
 

Accepted Solution

by:
mptcmanage earned 0 total points
ID: 34887799
A coworker of mine found the answer.  The following is a quotation from the article he referenced.  I do not have a URL.

I had the same problem, and even with the checkbox checked it wouldn't work.  The answer was that a key permission was missing, even on the parent OU.  The error about a user not having permission is NOT referring to YOU.  The action is being performed by the Exchange Enterprise Servers group (specifically the Exchange server handling the move request).  
Make sure the Exchange Enterprise Servers group has the permissions for the following:
   - (Object tab) List Contents [Allow]
   - (Properties tab) Read Display Name [Allow]
   - (Properties tab) Write Display Name [Allow]
   - (Properties tab) Read Exchange Information [Allow]
   - (Properties tab) Write Exchange Information [Allow]
   - (Properties tab) Read Personal Information [Allow]
   - (Properties tab) Write Personal Information [Allow]
   - (Properties tab) Read Public Information [Allow]
   - (Properties tab) Write Public Information [Allow]
I was missing the Read/Write Exchange Information on a few users (don't know why), but after adding the ACLs back in it worked for everyone.
0
 
LVL 43

Expert Comment

by:Taurus
ID: 34888125
Thanks for Sharing.
0
 

Author Closing Comment

by:mptcmanage
ID: 34932070
Found the answer ourselves.
0
 

Expert Comment

by:ITdesk
ID: 38194173
I had a problem removing a user via the EMC & the solution was:
"Restore defaults" from Advanced Security Settings in the AD'S user object.
0

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question