“ Insufficient access rights to perform the operation error “ When moving a mailbox onto Exchange 2010
We came across an error today when we were trying to move a mailbox from Exchange 2003 onto Exchange 2010 which was stopping us moving the mailbox.
Active Directory operation failed on DC. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
1, Open Active Directory Users and Computers and View advanced features
2, Find the user account for the mailbox with the issue and go to the properties of this account
3, Go to the security tab and hit advanced
4, Now check the box that says include inheritable permission and apply this setting.
5, Now rerun the mailbox this move, this will fail but we are just running this to obtaining the CMDLET to cancel our previous move.
6, Run the remove request that you get displayed in the exchange console
Error:
The queue in “Store Name” database already contains a move request for ‘User’, while AD reports the mailbox as not being moved. It is possible that someone created this move request recently, while targeting a different domain controller, and AD replication did not yet occur. You can examine this move request by running ‘Get-MoveRequestStatistics -MoveRequestQueue ‘Store Name’ -MailboxGuid 4b525a83-cdc7-421b-84e1-ea6291cdd6d7 -IncludeReport | fl’. If you believe this to be an abandoned move request, you can remove it by running ‘Remove-MoveRequest -MoveRequestQueue ‘Store 3 Name’ -MailboxGuid 4b525a83-cdc7-421b-84e1-ea6291cdd6d7′.
Elapsed Time: 00:00:00
Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:01
7, Now Re-Run the mailbox move and this will complete 
Daniel Davies
Great info, I was looking all day for why one mailbox wouldn’t move. As soon as I read point 1 on your blog I knew what I had forgotten not checked. I was hung up on exchange permissions, never remembered that security tab. Still, no idea how that check box came to be unset?
Thank you. This was a big help to me and my users!
this saved me a lot of time. Thank you
Worked just by applying inherited permissions- thanks
Great information. This save lot of my time. Thanks
Great! Worked like a charm!
Thanks! Worked like a charm
I have 800+ mailboxes to migrate and a number of them don’t have this option selected. No idea why. Does anyone know how I can push this down to all users without having to do 1 at a time?
This was a great help although Get-Mailbox command still show’s it on the old server.
Thank you! It works.
Thanks man this worked greatly. We are paying a vendor to manage our exchange environment and they couldnt figure this one out… I think we need our money back.
Just changed the user to inherit permissions, and this worked perfectly. Thanks so much!
This works for me!
thx!
It Worked just by applying inherited permissions, Many Thanks and Happy New Year 2012!
I love you man!
Works every time, even when trying to create new mailbox (when user is already on AD)
Thanks a million for this fix, it did the trick!!!
Thanks! Works perfect
This worked a treat for my move thank you so much for the article!!!!!!!
Amazing.
Nice, clear instructions which worked perfectly. Thanks.
Thanks!