Share via


Error: problem 4003 (INSUFF_ACCESS_RIGHTS)

Scenario:

User is not able to access Mailbox. Unable to open the recipient from EMC.

Running the Clean-Mailboxdatabase <Database Name> command resulted in the Mailbox on Disconnected Mailbox

Connect-Mailbox -Identity 'xxxxxxxxxxxxxxxxxxxx'-Database 'DBNAME' -User 'contoso\user' -Alias 'user'

Failed

Error:

Active Directory operation failed on <domain controller> ahis error is not retriable. Additional information: Insufficient access rights to perform the operation.

Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The user has insufficient access rights.

Exchange Management Shell command attempted:

Connect-Mailbox -Identity 'xxxxxxxxxxxxxxxxxxxx'-Database 'DBNAME' -User 'contoso\user' -Alias 'user'

 

Resolution:

  • Open Active Directory Users and Computers.
  • Click View, and then click Advanced Features.
  • Right-click the OU that contains the user and then click Properties.
  • In the Security tab, click Advanced.
  • In the Permissions tab, click Add.
  • In the Enter object name to select box, type Exchange trusted subsystem, and then click OK.
  • In the Object tab, select This object and all descendant’s objects in the Apply onto list, locate Modify Permissions in the Permissions list, and then set it to Allow.
  • Click OK
  • Make sure above option is checked on all OU’S listed in the object path of the user object

Comments

  • Anonymous
    September 27, 2016
    This is very helpful article. Good one Karthick.
  • Anonymous
    September 28, 2016
    Good one...Keep it up.
  • Anonymous
    November 21, 2016
    This is really helpfull ,saved load of time.Thank you so much
  • Anonymous
    March 20, 2017
    Thank you very much. clear and to the point. thanks once again.
  • Anonymous
    October 07, 2017
    Excelente ayuda,muchas gracias,
  • Anonymous
    January 21, 2018
    Thank you!!!
  • Anonymous
    April 03, 2018
    I have been able to add a number of users to Exchange without having to add this permission.We have < 50 users and only one OU. Some can be added, some not. Same error on each that can't be added.Both domain controllers are 2012, no errors. Everything patched and rebooted. Exchange 2016 on Server 2016 OS.