Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Scenario:
User is not able to access Mailbox. Unable to open the recipient from EMC.
Running the Clean-Mailboxdatabase <Database Name> command resulted in the Mailbox on Disconnected Mailbox
Connect-Mailbox -Identity 'xxxxxxxxxxxxxxxxxxxx'-Database 'DBNAME' -User 'contoso\user' -Alias 'user'
Failed
Error:
Active Directory operation failed on <___domain controller> ahis error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
Exchange Management Shell command attempted:
Connect-Mailbox -Identity 'xxxxxxxxxxxxxxxxxxxx'-Database 'DBNAME' -User 'contoso\user' -Alias 'user'
Resolution:
- Open Active Directory Users and Computers.
- Click View, and then click Advanced Features.
- Right-click the OU that contains the user and then click Properties.
- In the Security tab, click Advanced.
- In the Permissions tab, click Add.
- In the Enter object name to select box, type Exchange trusted subsystem, and then click OK.
- In the Object tab, select This object and all descendant’s objects in the Apply onto list, locate Modify Permissions in the Permissions list, and then set it to Allow.
- Click OK
- Make sure above option is checked on all OU’S listed in the object path of the user object
Comments
- Anonymous
September 27, 2016
This is very helpful article. Good one Karthick. - Anonymous
September 28, 2016
Good one...Keep it up. - Anonymous
November 21, 2016
This is really helpfull ,saved load of time.Thank you so much - Anonymous
March 20, 2017
Thank you very much. clear and to the point. thanks once again. - Anonymous
October 07, 2017
Excelente ayuda,muchas gracias, - Anonymous
January 21, 2018
Thank you!!! - Anonymous
April 03, 2018
I have been able to add a number of users to Exchange without having to add this permission.We have < 50 users and only one OU. Some can be added, some not. Same error on each that can't be added.Both ___domain controllers are 2012, no errors. Everything patched and rebooted. Exchange 2016 on Server 2016 OS.