We came across an error today when we were trying to move a mailbox from Exchange 2003 onto Exchange 2010 which was stopping us moving the mailbox.

Active Directory operation failed on DC. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

1, Open Active Directory Users and Computers and View advanced features

2, Find the user account for the mailbox with the issue and go to the properties of this account

3, Go to the security tab and hit advanced

4, Now check the box that says include inheritable permission and apply this setting.


5, Now rerun the mailbox this move, this will fail but we are just running this to obtaining the CMDLET to cancel our previous move.

6, Run the remove request that you get displayed in the exchange console

The queue in “Store Name” database already contains a move request for ‘User’, while AD reports the mailbox as not being moved. It is possible that someone created this move request recently, while targeting a different domain controller, and AD replication did not yet occur. You can examine this move request by running ‘Get-MoveRequestStatistics -MoveRequestQueue ‘Store Name’ -MailboxGuid 4b525a83-cdc7-421b-84e1-ea6291cdd6d7 -IncludeReport | fl’. If you believe this to be an abandoned move request, you can remove it by running ‘Remove-MoveRequest -MoveRequestQueue ‘Store 3 Name’ -MailboxGuid 4b525a83-cdc7-421b-84e1-ea6291cdd6d7′.

Elapsed Time: 00:00:00

Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:01

7, Now Re-Run the mailbox move and this will complete :)


Daniel Davies

Post to Twitter