Solved

Cannot disable mailbox in Exchange 2010

Posted on 2011-02-11
14
2,050 Views
Last Modified: 2012-08-13
Hi.  I'm having a problem disabling a mailbox on Exchange 2010 SP1.  The mailbox is my own and I am a domain admin.  Other domain admins are not seeing this problem.  The error is:

Active Directory operation failed on <domain controller>.  This error is not retriable.  Additional information: In sufficient access rights to perform the operation.  Active Directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0.  The user has insufficient rights.  

I have already attempted to restore inherited rights to the AD account.  Other advice?
0
Comment
Question by:mptcmanage
  • 5
  • 2
  • 2
  • +4
14 Comments
 
LVL 3

Expert Comment

by:JanStoops
Comment Utility
Using adsi edit compare the administrator accounts?
0
 
LVL 6

Expert Comment

by:mattconroy
Comment Utility
Are you an Org Admin for Exchange 2010?
0
 
LVL 26

Expert Comment

by:jar3817
Comment Utility
Just because you're a domain admin doesn't mean you can do anything you want to the exchange database. Check the permissions on the mailstore and add yourself if necessary.
0
 

Author Comment

by:mptcmanage
Comment Utility
I don't think this has anything to do with my administrative privileges.  I can do other administrative functions in Exchange, including disabling other mailboxes.  I just can't disable this one mailbox.
0
 
LVL 3

Expert Comment

by:JanStoops
Comment Utility
Using EMS: get-mailboxpermission -identity <mailboxname>
0
 

Author Comment

by:mptcmanage
Comment Utility
I implicitly added me to the mailbox.

Identity             User                 AccessRights                                                IsInherited Deny
--------             ----                 ------------                                                ----------- ----
college.mptc.tech... COLLEGE\jloomans     {FullAccess}                                                False       False


Still cannot disable the mailbox.
0
 
LVL 26

Expert Comment

by:jar3817
Comment Utility
Not sure if it matters....but does someone have this mailbox open currently?
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:mptcmanage
Comment Utility
Nope.  Mailbox is closed.
0
 
LVL 41

Expert Comment

by:Amit
Comment Utility
Restart Exchange Server and see, if you are able to disable it
0
 
LVL 8

Expert Comment

by:teomcam
Comment Utility
Did you try to run Management Shell in elevated mode?
0
 

Accepted Solution

by:
mptcmanage earned 0 total points
Comment Utility
A coworker of mine found the answer.  The following is a quotation from the article he referenced.  I do not have a URL.

I had the same problem, and even with the checkbox checked it wouldn't work.  The answer was that a key permission was missing, even on the parent OU.  The error about a user not having permission is NOT referring to YOU.  The action is being performed by the Exchange Enterprise Servers group (specifically the Exchange server handling the move request).  
Make sure the Exchange Enterprise Servers group has the permissions for the following:
   - (Object tab) List Contents [Allow]
   - (Properties tab) Read Display Name [Allow]
   - (Properties tab) Write Display Name [Allow]
   - (Properties tab) Read Exchange Information [Allow]
   - (Properties tab) Write Exchange Information [Allow]
   - (Properties tab) Read Personal Information [Allow]
   - (Properties tab) Write Personal Information [Allow]
   - (Properties tab) Read Public Information [Allow]
   - (Properties tab) Write Public Information [Allow]
I was missing the Read/Write Exchange Information on a few users (don't know why), but after adding the ACLs back in it worked for everyone.
0
 
LVL 41

Expert Comment

by:Amit
Comment Utility
Thanks for Sharing.
0
 

Author Closing Comment

by:mptcmanage
Comment Utility
Found the answer ourselves.
0
 

Expert Comment

by:ITdesk
Comment Utility
I had a problem removing a user via the EMC & the solution was:
"Restore defaults" from Advanced Security Settings in the AD'S user object.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Synchronize a new Active Directory domain with an existing Office 365 tenant
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates‚Ķ
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now