In the middle of an Exchange data migration, and having full Domain Admin & Exchange Admin rights, I receive this troublesome error message — Error: Active Directory operation failed on XYZ. This error is not retrievable. Additional information: Insufficient access rights to perform the operation.
This error was presented to me when attempting to complete local mailbox moves of 8 specific user mailboxes. The hundreds of other user mailboxes moved happily from Exchange 2007 to Exchange 2010. These last 8 refused to move regardless of what rights I assigned myself. The solution is detailed in this post.
- Find the domain user associated with the mailbox move error:
- Login to a domain server with domain admin credentials
- Open Administrative Tools | Active Directory Users and Computers
- In the View Menu, check the “Advanced Features” menu item
- Click the “Find Objects” button
- Find the user you are searching for…
- Open user Properties | Security | Advanced:
- Double-click the user name to bring up the Properties dialog box
- Goto the Security tab
- Click the Advanced button
- Reset the permissions on the errant user:
- Check the “Allow inheritable permissions…” checkbox
- Click the Apply button and then OK to close the Advanced dialog box
- Click the OK button to close the Properties dialog box
- Retry the Exchange 2010 local move request… it works!