Solved

The user has insufficient access rights when moving mailboxes

Posted on 2013-11-01
11
2,679 Views
Last Modified: 2013-11-13
I still get this error and tried different accounts that have all the right permissions including: Enterprise Admins, Exchange Full Admins, Exchange Organizational Manament.

Please advice.

THank you very much!

Active Directory operation failed on dc01.domain.net. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.3.158.1&t=exchgf1&e=ms.exch.err.Ex6AE46B
Exchange Management Shell command attempted:
domain.net/USA/MIS/test user.' | New-MoveRequest -TargetDatabase 'Mailbox Database 1674393878'
0
Comment
Question by:claudiamcse
  • 6
  • 3
  • 2
11 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
Comment Utility
So your saying the account is member of Exchange Org Admins .... as if so can you explicitly add the account to Recipient Admins group and if possible restart Information store service and try the move

- Rancy
0
 

Author Comment

by:claudiamcse
Comment Utility
I have only Recepient Management Group. Added there
0
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 500 total points
Comment Utility
another possibility is inherited permissions
if you go to the properties of that user object in AD and on the security tab then advanced and see if include inheritable permissions is checked.  if not, that could be the issue

i had this problem at my last place when migrating users from 2007 to office 365
after checking that box the mailbox moved
0
 

Author Comment

by:claudiamcse
Comment Utility
Didn't work. REceive the same error with a different DC mentioned.

Active Directory operation failed on dc03.domain.net. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.

Exchange Management Shell command attempted:
domain.net/USA/MIS/test user.' | New-MoveRequest -TargetDatabase 'Mailbox Database 1674393878'
0
 

Author Comment

by:claudiamcse
Comment Utility
Regarding  the user object in AD. You are referring for the account that I am using to move the mailbox? Correct? Or the actual mailbox that I am moving. I did that for the account that I am using to move the mailbox already.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
the account for the user's mailbox
if you're trying to move joe then it's joe's account to check

your account permissions would only be at the exchange org level as mentioned in the beginning
0
 

Author Comment

by:claudiamcse
Comment Utility
Yes. we did that and still getting the error
0
 

Author Comment

by:claudiamcse
Comment Utility
Did all this and still getting an error:
Warning: Unable to update Active Directory information for the source mailbox at the end of the move. Error details: An error occurred while updating a user object after the move operation. --> Active Directory operation failed on dc01.domain.net. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
 --> The user has insufficient access rights.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
Comment Utility
Do you have appropriate Domain Admin rights to perform any changes in AD level ?

- Rancy
0
 

Author Comment

by:claudiamcse
Comment Utility
So, we found finally what is causing it. Here is the same issue again but with more details:

The “Exchange Domain Servers” group from root domain (domain.net) getting automatically removed from Exchange Enterprise Servers Group.
So there is one parent domain domain.net and 5 child domains. Exchange 2003 servers are installed in each child domain. Exchange 2010 Hybrid was installed in the root domain Domain.com

We were getting Insufficient permissions error when moving mailboxes to the cloud as well as from 2k3 to 2010. We discovered that once we added “Exchange Domain Servers” from root domain to “Exchange Enterprise Servers” for every child domain, the issue with permissions was resolved……Only, this group disappears….Only “Exchange Domain Servers” from root domain goes missing. We checked Group Policy and confirmed that they didn’t have 3rd party tool running. Still the group keeps disappearing from Exchange Enterprise Servers. Happens in less than 10 min.

Discovered now in the security logs that Exchnage 2003 server is removing ithe member from the group every 5-10 min!!!

Please let me know your suggestions.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
Comment Utility
Did you try running Domainprep ?

- Rancy
0

Featured Post

Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

Join & Write a Comment

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
how to add IIS SMTP to handle application/Scanner relays into office 365.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now