Resolving Exchange User Mailbox Move Error

exchange fix user rights error

In the middle of an Exchange data migration, and having full Domain Admin & Exchange Admin rights, I receive this troublesome error message — Error: Active Directory operation failed on XYZ. This error is not retrievable. Additional information: Insufficient access rights to perform the operation.

This error was presented to me when attempting to complete local mailbox moves of 8 specific user mailboxes. The hundreds of other user mailboxes moved happily from Exchange 2007 to Exchange 2010. These last 8 refused to move regardless of what rights I assigned myself. The solution is detailed in this post.

  1. Find the domain user associated with the mailbox move error:
    • Login to a domain server with domain admin credentials
    • Open Administrative Tools | Active Directory Users and Computers
    • In the View Menu, check the “Advanced Features” menu item
    • Click the “Find Objects” button
    • Find the user you are searching for…
  2. Open user Properties | Security | Advanced:
    • Double-click the user name to bring up the Properties dialog box
    • Goto the Security tab
    • Click the Advanced button
  3. Reset the permissions on the errant user:
    • Check the “Allow inheritable permissions…” checkbox
    • Click the Apply button and then OK to close the Advanced dialog box
    • Click the OK button to close the Properties dialog box
  4. Retry the Exchange 2010 local move request… it works!