Sunday, September 11, 2011

Error: Active Directory operation failed on MCCNPWINADS02.smtp25.gov. This error is not retriable. Additional information: Insufficient access rights to perform the operation.

Are you moving mailboxes and getting errors like the one below? If so, here is a quick way to fix it.

Error:

Active Directory operation failed on MCCNPWINADS02.smtp25.gov. This error is not retriable. Additional information: Insufficient access rights to perform the operation.

Active directory response: 00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The user has insufficient access rights.

Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.1.218.11&t=exchgf1&e=ms.exch.err.Ex6AE46B

Warning:

When an item can't be read from the source database or it can't be written to the destination database, it will be considered corrupted. By specifying a non-zero BadItemLimit, you are requesting Exchange not copy such items to the destination mailbox. At move completion, these corrupted items will not be available at the destination mailbox.

  • Open the ADUC (Active Directory Users and Computers) snap-in and turn on Advanced Features

  • Locate the user, go to the Security tab, click Advanced, and make sure the box labeled “Include inheritable permissions from this object’s parent” is checked

Try to move the mailbox again after this.

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)
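
The same check can be scripted instead of clicking through ADUC for each user. The following is an added example, not part of the original post: it lists user objects whose ACL inheritance is disabled and re-enables it for one user. It assumes the RSAT ActiveDirectory module is installed; the function names, the OU and the account name are hypothetical.

```powershell
# Added example: audit and repair the "include inheritable permissions" flag.
# Assumes the RSAT ActiveDirectory module and rights to read/write the object's ACL.
Import-Module ActiveDirectory

function Get-InheritanceBlockedUser {
    param([string]$SearchBase)   # hypothetical parameter: limit the search to one OU

    $params = @{ Filter = '*'; Properties = 'nTSecurityDescriptor', 'adminCount' }
    if ($SearchBase) { $params.SearchBase = $SearchBase }

    # AreAccessRulesProtected is $true when the inheritance box is unchecked.
    Get-ADUser @params |
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        Select-Object SamAccountName, DistinguishedName,
            @{ Name = 'AdminCount'; Expression = { $_.adminCount } }
}

function Enable-UserInheritance {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Identity)

    $user = Get-ADUser -Identity $Identity -Properties adminCount
    if ($user.adminCount -eq 1) {
        # adminCount=1 marks an account that is, or once was, in a protected group.
        Write-Warning "$Identity has adminCount=1; review its group membership first."
    }

    $path = "AD:\$($user.DistinguishedName)"
    $acl  = Get-Acl -Path $path
    if (-not $acl.AreAccessRulesProtected) { return }   # already inheriting

    # First argument $false = not protected, so the object inherits from its parent again.
    $acl.SetAccessRuleProtection($false, $true)
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Re-enable ACL inheritance')) {
        Set-Acl -Path $path -AclObject $acl
    }
}

# Usage with constructed sample values:
# Get-InheritanceBlockedUser -SearchBase 'OU=Staff,DC=example,DC=com'
# Enable-UserInheritance -Identity 'jdoe' -WhatIf
```

Run `Enable-UserInheritance` with `-WhatIf` first to confirm which object would be changed before writing the ACL.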

4 comments:

Anonymous said...

Fixed the issue for me. Thanks for the post.

Anonymous said...

This happened to be during a migration. Worked for me as well.

MG

Anonymous said...

Oddly, I had some mailboxes successfully move, then had to complete this for Active Sync to work. One user mailbox just would not migrate due to this.

Anonymous said...

For anyone who finds this in the future:

This checkbox will be unchecked for any user who is a member of the Domain Admins group - this is to protect those accounts from inheriting reduced permissions, and losing access.

This checkbox will not be re-checked when users are removed from the Domain Admins group.