Encountering and error like “active directory operation failed insuff_access_rights” can only originate from Exchange Server 2010 or Exchange Server 2007, if you are trying to remove an Active Directory user, with an Exchange mailbox using the Exchange Management Console. The error message can also appear if you are using the Exchange Management Shell.
Having a Summer Interns working with you as an Exchange Server Administrator can help you clean up many databases that you normally would never have time to clean up, especially an Exchange database.
More about the summer intern later, lets us get to the solution for this error first. This error is normally triggered due to a permissions problems. Even though you may be in the administrators group in Active Directory, or even a part of the Enterprise group you would still receive this error, as long as access rights are not inherited, from containers above.
Active Directory operation failed on *DomainController*. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 The user has insufficient access rights.
Exchange Management Shell command attempted:
’*OUStructure*’ | New-MoveRequest -TargetDatabase ‘Mailbox Database 1985885663′ -BadItemLimit ‘-1′
This error is very easily resolved. This is so simple that even a newbie can resolve. I use the term newbie because every so often we all sometimes need assistance working with error messages that we have not conquered or seen before. There is always good old Google. That is how you found this solution.
Open Active Directory Users and Computers, and ensure that Advanced Features are selected by clicking on “View” and selecting “Advanced Features”. Once this is done all you have to do is navigate to the users, or user account that you are experiencing the error message with.
Open the properties of the user in question and select their “Security Tab”. Next click on the “Advance” tab and ensure that the check box is checked in front of the words “Include inheritable permissions from this object’s parent”.
Click Next about two, or three times and then try to delete the user account in Exchange Management Console again.
Now back to the Summer Intern, if you have time to read. In the Country where I live, my Government created a program whereby they asked private Companies to Employee College and High School students at no cost to the Company.
The student is compensated by the government at the end of every week. In my opinion, I thought this was a good idea. It gives the student the opportunity to have been exposed to areas they normally would have not had an opportunity to do so. Because of the summer student that was assigned to my department, I was able to do extensive mailboxes cleanup in Exchange.
So, whenever you receive this message, “active directory operation failed insuff_access_rights”, remember your personal assistant Google, and you should easily be able to resolve this.