Exchange 2013 Troubleshooting: Insufficient access rights Issue
Symptoms
- Mailboxes are not showing up in EAC and EMS on Exchange 2013
- Mailboxes are not Disconnected
- Exchange attributes are present
- Enabling the mailbox doesn’t work
- Even creating a new mailbox for the existing user don’t work
Error message
Active Directory operation failed on DC.domain.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Cause
Allow inheritable permission was missing on the OU where the mailboxes are present
Resolution
- Enabled the "Allow inheritable permission for that OU"
- Turn on Advanced features in Active Directory Users and Computers -> View -> Advanced Features
- Right click on the OU where the mailboxes are present
- Go to Properties -> Security Tab -> Advanced
- On the left bottom of the wizard, click on “Enable Inheritance”
- Click on “Apply” & “Ok”
- Mailboxes appeared in EAC and EMS
Though this issue and resolution looks straight forward and simpler, this would be more complicated in the environments where it has multiple OU’s and sub OU’s are created for managing the user accounts and permissions.
Happy learning!!