Solved

The user has insufficient access rights when moving mailboxes

Posted on 2013-11-01
Last Modified: 2013-11-13
I still get this error and tried different accounts that have all the right permissions, including: Enterprise Admins, Exchange Full Admins, Exchange Organizational Management.

Please advise.

Thank you very much!

Active Directory operation failed on dc01.domain.net. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.3.158.1&t=exchgf1&e=ms.exch.err.Ex6AE46B
Exchange Management Shell command attempted:
domain.net/USA/MIS/test user.' | New-MoveRequest -TargetDatabase 'Mailbox Database 1674393878'
0
Question by:claudiamcse
11 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 39616430
So you're saying the account is a member of Exchange Org Admins ... if so, can you explicitly add the account to the Recipient Admins group and, if possible, restart the Information Store service and try the move?

- Rancy
0
 

Author Comment

by:claudiamcse
ID: 39616695
I have only the Recipient Management group. Added there.
0
 
LVL 35

Accepted Solution

by:
Seth Simmons earned 2000 total points
ID: 39616707
Another possibility is inherited permissions.
Go to the properties of that user object in AD, then the Security tab, then Advanced, and see if "Include inheritable permissions" is checked. If not, that could be the issue.

I had this problem at my last place when migrating users from 2007 to Office 365.
After checking that box the mailbox moved.
0
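The inheritance check described in the accepted answer, scripted so it can be run against several mailbox users at once. This is an added example, not part of the original thread; it assumes PowerShell 3.0 or later with the ActiveDirectory module (RSAT), and `Test-MailboxUserInheritance` is a hypothetical function name. It also reports `adminCount`, which goes beyond the answer.

```powershell
# Added example: audit ACL inheritance on the user objects of the mailboxes being moved.
# Assumes the ActiveDirectory module; Test-MailboxUserInheritance is a hypothetical name.
Import-Module ActiveDirectory

function Test-MailboxUserInheritance {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # sAMAccountName or DN of each mailbox user to be moved (not the admin account)
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$Identity,
        # Re-enable inheritance where it is blocked
        [switch]$Fix
    )
    process {
        foreach ($id in $Identity) {
            $user = Get-ADUser -Identity $id -Properties adminCount, nTSecurityDescriptor
            $sd = $user.nTSecurityDescriptor
            $blocked = $sd.AreAccessRulesProtected   # True = inheritance is disabled

            if ($Fix -and $blocked -and
                $PSCmdlet.ShouldProcess($user.DistinguishedName, 'Enable ACL inheritance')) {
                # isProtected = $false re-enables inheritance; the second argument is ignored then
                $sd.SetAccessRuleProtection($false, $true)
                Set-ADObject -Identity $user.DistinguishedName -Replace @{ nTSecurityDescriptor = $sd }
                $blocked = $false
            }

            [pscustomobject]@{
                User               = $user.SamAccountName
                InheritanceBlocked = $blocked
                # adminCount = 1: the account is or was in an AdminSDHolder-protected group.
                # While it still is, SDProp will disable inheritance again after a fix.
                AdminCount         = $user.adminCount
                DistinguishedName  = $user.DistinguishedName
            }
        }
    }
}

# Report only (constructed sample account names):
# 'testuser', 'joe' | Test-MailboxUserInheritance
# Preview the change without writing to AD:
# 'joe' | Test-MailboxUserInheritance -Fix -WhatIf
```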

 

Author Comment

by:claudiamcse
ID: 39616771
Didn't work. Receive the same error with a different DC mentioned.

Active Directory operation failed on dc03.domain.net. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.

Exchange Management Shell command attempted:
domain.net/USA/MIS/test user.' | New-MoveRequest -TargetDatabase 'Mailbox Database 1674393878'
0
 

Author Comment

by:claudiamcse
ID: 39617323
Regarding the user object in AD: you are referring to the account that I am using to move the mailbox, correct? Or the actual mailbox that I am moving? I did that for the account that I am using to move the mailbox already.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 39617450
The account for the user's mailbox.
If you're trying to move Joe then it's Joe's account to check.

Your account permissions would only be at the Exchange org level as mentioned in the beginning.
0
 

Author Comment

by:claudiamcse
ID: 39622125
Yes. We did that and are still getting the error.
0
 

Author Comment

by:claudiamcse
ID: 39622604
Did all this and still getting an error:
Warning: Unable to update Active Directory information for the source mailbox at the end of the move. Error details: An error occurred while updating a user object after the move operation. --> Active Directory operation failed on dc01.domain.net. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
 --> The user has insufficient access rights.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 39623703
Do you have appropriate Domain Admin rights to perform any changes at the AD level?

- Rancy
0
 

Author Comment

by:claudiamcse
ID: 39631738
So, we finally found what is causing it. Here is the same issue again but with more details:

The “Exchange Domain Servers” group from the root domain (domain.net) is getting automatically removed from the Exchange Enterprise Servers group.
So there is one parent domain, domain.net, and 5 child domains. Exchange 2003 servers are installed in each child domain. Exchange 2010 Hybrid was installed in the root domain Domain.com.

We were getting the insufficient permissions error when moving mailboxes to the cloud as well as from 2k3 to 2010. We discovered that once we added “Exchange Domain Servers” from the root domain to “Exchange Enterprise Servers” for every child domain, the issue with permissions was resolved... Only, this group disappears... Only “Exchange Domain Servers” from the root domain goes missing. We checked Group Policy and confirmed that they didn’t have a 3rd party tool running. Still the group keeps disappearing from Exchange Enterprise Servers. It happens in less than 10 min.

Discovered now in the security logs that the Exchange 2003 server is removing the member from the group every 5-10 min!!!

Please let me know your suggestions.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 39640904
Did you try running DomainPrep?

- Rancy
0
