Cannot disable mailbox in Exchange 2010

Hi.  I'm having a problem disabling a mailbox on Exchange 2010 SP1.  The mailbox is my own and I am a domain admin.  Other domain admins are not seeing this problem.  The error is:

Active Directory operation failed on <domain controller>.  This error is not retriable.  Additional information: In sufficient access rights to perform the operation.  Active Directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0.  The user has insufficient rights.  

I have already attempted to restore inherited rights to the AD account.  Other advice?
mptcmanageAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
mptcmanageConnect With a Mentor Author Commented:
A coworker of mine found the answer.  The following is a quotation from the article he referenced.  I do not have a URL.

I had the same problem, and even with the checkbox checked it wouldn't work.  The answer was that a key permission was missing, even on the parent OU.  The error about a user not having permission is NOT referring to YOU.  The action is being performed by the Exchange Enterprise Servers group (specifically the Exchange server handling the move request).  
Make sure the Exchange Enterprise Servers group has the permissions for the following:
   - (Object tab) List Contents [Allow]
   - (Properties tab) Read Display Name [Allow]
   - (Properties tab) Write Display Name [Allow]
   - (Properties tab) Read Exchange Information [Allow]
   - (Properties tab) Write Exchange Information [Allow]
   - (Properties tab) Read Personal Information [Allow]
   - (Properties tab) Write Personal Information [Allow]
   - (Properties tab) Read Public Information [Allow]
   - (Properties tab) Write Public Information [Allow]
I was missing the Read/Write Exchange Information on a few users (don't know why), but after adding the ACLs back in it worked for everyone.
0
 
JanStoopsCommented:
Using adsi edit compare the administrator accounts?
0
 
mattconroyCommented:
Are you an Org Admin for Exchange 2010?
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
jar3817Commented:
Just because you're a domain admin doesn't mean you can do anything you want to the exchange database. Check the permissions on the mailstore and add yourself if necessary.
0
 
mptcmanageAuthor Commented:
I don't think this has anything to do with my administrative privileges.  I can do other administrative functions in Exchange, including disabling other mailboxes.  I just can't disable this one mailbox.
0
 
JanStoopsCommented:
Using EMS: get-mailboxpermission -identity <mailboxname>
0
 
mptcmanageAuthor Commented:
I implicitly added me to the mailbox.

Identity             User                 AccessRights                                                IsInherited Deny
--------             ----                 ------------                                                ----------- ----
college.mptc.tech... COLLEGE\jloomans     {FullAccess}                                                False       False


Still cannot disable the mailbox.
0
 
jar3817Commented:
Not sure if it matters....but does someone have this mailbox open currently?
0
 
mptcmanageAuthor Commented:
Nope.  Mailbox is closed.
0
 
AmitIT ArchitectCommented:
Restart Exchange Server and see, if you are able to disable it
0
 
teomcamCommented:
Did you try to run Management Shell in elevated mode?
0
 
AmitIT ArchitectCommented:
Thanks for Sharing.
0
 
mptcmanageAuthor Commented:
Found the answer ourselves.
0
 
ITdeskCommented:
I had a problem removing a user via the EMC & the solution was:
"Restore defaults" from Advanced Security Settings in the AD'S user object.
0
All Courses

From novice to tech pro — start learning today.