Active Directory operation failed on... Insufficient access rights to perform the operation


When trying to move a mailbox to another database, you get the following error message:

"Active Directory operation failed on dc.domain.local. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The user has insufficient access rights.

Exchange Management Shell command attempted:
'domain.local/whatever-ou/username' | New-MoveRequest -TargetDatabase 'Mailbox Database 1280276626'"


1. Open "Active Directory Users and Computers" (dsa.msc).
2. Go to "View" and make sure "Advanced Features" is checked, if it isn't - check it.
3. Find the problematic user and open its "Properties" (right click --> Properties).
4. Go to the "Security" tab and click on the "Advanced" button.
5. Click on the "Restore defaults" button to reset the user's permissions.

You'll need to remove the failed move request before you'll be able to issue another move request with powershell, however, by trying to move the mailbox again, you'll get the complete Remove-MoveRequest command in the error message.

Affected software:

Microsoft Exchange 2010


Comment #1 from DamKeypehem [Username: Guest] at 14/02/2011 17:12
Sorry for the stupid question. What is the best search engine or
Comment #2 from ForumJoBa [Username: Guest] at 27/04/2011 22:43
Hello, I am new on this forum... Glad to see you all
My name is Ferio Larco. Living in California. Would like to find here new friends and to speak a bit about main topic:))

Add new comment
Anti-Bots verification code (just write 1234):