During a migration at a customer I had the following issue, one I haven’t seen before. Selecting the target database went fine but when submitting the move request this resulted in the following error:
_Active Directory operation failed on dc01.lab.local. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
_ _Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
Exchange Management Shell command attempted:
|‘lab.local/Users/Johan Veldhuis’||New-MoveRequest -TargetDatabase ‘Mailbox Database’_|
As the error already tells us it has to do something with permissions. Very strange because the account which was used was a member of both the domain admins and organization management group. So I checked the permissions on the mailbox using the get-mailboxpermission cmdlet, nothing strange there also.
I decided to search the internet and found the following solution:
- open Active Directory Users & Computers
- select the option advanced features in the menu view
- select the tab security
- press the advanced button
- select the option include inheritable permissions from this object’s parent
- try to migrate the mailbox again
Pretty easy solution compared to the error you will get.