Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3062
  • Last Modified:

The user has insufficient access rights when moving mailboxes

I still get this error and tried different accounts that have all the right permissions including: Enterprise Admins, Exchange Full Admins, Exchange Organizational Manament.

Please advice.

THank you very much!

Active Directory operation failed on dc01.domain.net. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.3.158.1&t=exchgf1&e=ms.exch.err.Ex6AE46B
Exchange Management Shell command attempted:
domain.net/USA/MIS/test user.' | New-MoveRequest -TargetDatabase 'Mailbox Database 1674393878'
0
claudiamcse
Asked:
claudiamcse
  • 6
  • 3
  • 2
1 Solution
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
So your saying the account is member of Exchange Org Admins .... as if so can you explicitly add the account to Recipient Admins group and if possible restart Information store service and try the move

- Rancy
0
 
claudiamcseAuthor Commented:
I have only Recepient Management Group. Added there
0
 
Seth SimmonsSr. Systems AdministratorCommented:
another possibility is inherited permissions
if you go to the properties of that user object in AD and on the security tab then advanced and see if include inheritable permissions is checked.  if not, that could be the issue

i had this problem at my last place when migrating users from 2007 to office 365
after checking that box the mailbox moved
0
Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

 
claudiamcseAuthor Commented:
Didn't work. REceive the same error with a different DC mentioned.

Active Directory operation failed on dc03.domain.net. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.

Exchange Management Shell command attempted:
domain.net/USA/MIS/test user.' | New-MoveRequest -TargetDatabase 'Mailbox Database 1674393878'
0
 
claudiamcseAuthor Commented:
Regarding  the user object in AD. You are referring for the account that I am using to move the mailbox? Correct? Or the actual mailbox that I am moving. I did that for the account that I am using to move the mailbox already.
0
 
Seth SimmonsSr. Systems AdministratorCommented:
the account for the user's mailbox
if you're trying to move joe then it's joe's account to check

your account permissions would only be at the exchange org level as mentioned in the beginning
0
 
claudiamcseAuthor Commented:
Yes. we did that and still getting the error
0
 
claudiamcseAuthor Commented:
Did all this and still getting an error:
Warning: Unable to update Active Directory information for the source mailbox at the end of the move. Error details: An error occurred while updating a user object after the move operation. --> Active Directory operation failed on dc01.domain.net. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
 --> The user has insufficient access rights.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Do you have appropriate Domain Admin rights to perform any changes in AD level ?

- Rancy
0
 
claudiamcseAuthor Commented:
So, we found finally what is causing it. Here is the same issue again but with more details:

The “Exchange Domain Servers” group from root domain (domain.net) getting automatically removed from Exchange Enterprise Servers Group.
So there is one parent domain domain.net and 5 child domains. Exchange 2003 servers are installed in each child domain. Exchange 2010 Hybrid was installed in the root domain Domain.com

We were getting Insufficient permissions error when moving mailboxes to the cloud as well as from 2k3 to 2010. We discovered that once we added “Exchange Domain Servers” from root domain to “Exchange Enterprise Servers” for every child domain, the issue with permissions was resolved……Only, this group disappears….Only “Exchange Domain Servers” from root domain goes missing. We checked Group Policy and confirmed that they didn’t have 3rd party tool running. Still the group keeps disappearing from Exchange Enterprise Servers. Happens in less than 10 min.

Discovered now in the security logs that Exchnage 2003 server is removing ithe member from the group every 5-10 min!!!

Please let me know your suggestions.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Did you try running Domainprep ?

- Rancy
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 6
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now