NinjaTek

NinjaTek

Tuesday, July 19, 2011

Mailbox Move Fails in Exchange 2010



During a recent migration project from Exchange 2003 to Exchange 2010, I received an error while moving a mailbox over to the new server…




Active Directory operation failed on ADSERVER. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003
(INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.




After comparing the AD user’s ACL against another user that was already migrated, I noticed some major differences. The problem was that sometime in the past someone had fiddled where they shouldn’t have been fiddling…



Solution:



In Active Directory, go to View and tick Advanced Features
Go to the user’s properties, select the Security Tab
Click Advanced
Tick “Include inheritable permissions from this object’s parent”