During a recent migration project from Exchange 2003 to Exchange 2010, I received an error while moving a mailbox over to the new server…
Active Directory operation failed on ADSERVER. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003
The user has insufficient access rights.
After comparing the AD user’s ACL against another user that was already migrated, I noticed some major differences. The problem was that sometime in the past someone had fiddled where they shouldn’t have been fiddling…
In Active Directory, go to View and tick Advanced Features
Go to the user’s properties, select the Security Tab
Click Advanced
Tick “Include inheritable permissions from this object’s parent”