During a recent migration project from Exchange 2003 to Exchange 2010, I received an error while moving a mailbox over to the new server…
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf2Pnno1Y6_7LSbcCQQxiOjAMvR-E3tEqfra5nkO5iYRE6dXo8mhY6Rrc1FDUU7csfakNfg9RUUUw8B3J9EQrQ39a1LokoIzWcEVuvskcMK01SEXD9AfoxTyPtJLZINyYlX9M4ogvOZkxT/s400/move_request.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghAIUSIsszd_4Yq4DcSi-0EMq8aALfx_JRCfmMrdbaJOLyaQ_08P4HP5pmWRXc7n6girnt0y4zYH26WXQUeEVDUeWTYj5z_gBW4hR3cnTVObgWbgZdELBcYn2q9gN-JK_L1oCYog8Kon5V/s400/AD_settings.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf2Pnno1Y6_7LSbcCQQxiOjAMvR-E3tEqfra5nkO5iYRE6dXo8mhY6Rrc1FDUU7csfakNfg9RUUUw8B3J9EQrQ39a1LokoIzWcEVuvskcMK01SEXD9AfoxTyPtJLZINyYlX9M4ogvOZkxT/s400/move_request.jpg)
Active Directory operation failed on ADSERVER. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003
(INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
After comparing the AD user’s ACL against another user that was already migrated, I noticed some major differences. The problem was that sometime in the past someone had fiddled where they shouldn’t have been fiddling…
Solution:
In Active Directory, go to View and tick Advanced Features
Go to the user’s properties, select the Security Tab
Click Advanced
Tick “Include inheritable permissions from this object’s parent”
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghAIUSIsszd_4Yq4DcSi-0EMq8aALfx_JRCfmMrdbaJOLyaQ_08P4HP5pmWRXc7n6girnt0y4zYH26WXQUeEVDUeWTYj5z_gBW4hR3cnTVObgWbgZdELBcYn2q9gN-JK_L1oCYog8Kon5V/s400/AD_settings.jpg)