Insufficient access rights to perform the operation in Exchange 2003

Heck, don't you just LOVE it when Exchange tells you that you don't have the rights to do something you need to do? Especially if you're the Über-Admin?! Happened to me today when I was moving a mailbox from an Exchange 2003 Server to a mailbox database on an Exchange 2010 machine.


As mentioned in the title, the Exchange Server 2010 machine complained "Insufficient access rights to perform the operation error" after I gave it the local move request. And that is AFTER I had loads of issues with that same mailbox's properties - invalid characters in the name, etc.

In the end the solution was simple: I reset the permissions on the entire AD object to default. To do so, I:

  • Went to Active Directory Users and Computers on the 2003 machine
  • Turned on the "Advanced Features" in the View menu
    Active Directory Users and Computers - Advanced Features view
  • Opened the afflicted user's properties
  • Went to the Security tab and clicked on Advanced
  • Set the checkbox on "Allow inheritable permissions..."
    Allow inheritable permissions
  • Accepted all prompts etc.
  • Re-did the move

This did the trick!

In some instances, Exchange 2010 might sometimes complain to you about "The queue in 'Store Name' database already contains a move request for ‘User’, while AD reports the mailbox as not being moved". In that case, all you need to do is to copy the PowerShell cmdlet which it is suggesting as a solution & run it in Exchange Management Shell.