Exchange Server 2016, one of the latest Exchange versions has many new amenities and updates better than the earlier versions. But as the different manual operations are performed on the Exchange Server like enabling a remote mailbox via Enable-RemoteMailbox cmdlet in hybrid deployment of the Exchange Server, an error is thrown in front of the user which displays like this.
Error: “Active Directory operation failed on <xxxxx>. This error is not retriable. Additional information: Insufficient access rights to perform the operation”
The reason behind this error could be that the permissions failed to update during enabling of the remote mailbox within the hybrid deployment scenario. So, the permissions need to be made available or enable from the parent Active Directory object.
Note: The above-mentioned error “Active Directory operation failed on <xxxxx>. This error is not retriable. Additional information: Insufficient access rights to perform the operation” can also appear while performing the other Exchange management tasks like migration from older version to a newer version, utilizing Exchange Management Shell commands like Set-Mailbox, Move-Mailbox, etc.
Another cause for the error can be because the SID filtering quarantining is enabled between Exchange domains in the similar forest. In such condition, Exchange Trusted Subsystem members (Exchange Servers) will not behave like members when present in other domains. It restricts the attempt of updating the recipients using the Exchange Management Shell cmdlets (Set-Mailbox, Move-Mailbox, etc.). So, the solution to fix this situation is only disabling the SID filtering quarantining between the domains within the same forest. For that, Exchange administrators need to run this command with the required values in the Command Prompt of the Exchange system.
trust TrustingDomainName **/domain:**TrustedDomainName **/quarantine:No /userD:**domainadministratorAcct **/passwordD:**domainadminpwd
Note: The above solution is applicable to Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2.
Recommended: Free methods to convert Exchange EDB to PST File
In the next section, you would find the feasible solution for this error.
Get the “Insufficient Access Rights to Perform the Operation” error fixed
As within the error message itself, it is displayed that the error occurred as the required access rights were not available or assigned to mailboxes in Exchange 2016 while executing a command, here taking the Enable Remote Mailbox command scenario. The user can fix this issue by trying a manual technique explained like this.
Enable-RemoteMailbox “username” -RemoteRoutingAddress <SMTP address of the mailbox>
Here taking the Enable Remote Mailbox command scenario, the user can fix this issue by trying a manual technique explained below.
Manual Solution to Enable Inheritance through Active Directory Object
Open your Exchange On-premises system and perform these steps-one-after another to fix the “insufficient rights…” error.
- Navigate to and open the Active Directory object related to your Exchange Server.
- Hit on the Security tab and you can view the security configurations of the AD object.
Note: You can try to compare the permissions assigned in this AD object with the properly functioning account and note down the permissions missing in the account with error.
- Once, knowing the differences, let us move ahead in the solution. Next, click on the Advanced button.
- Now, you need to select the option saying “Enable Inheritance”, enable “Include inheritable permissions from this object’s parents” option and then click on OK.
- Confirm this action by clicking on Yes on the warning dialogue box.
- Now that the permissions needed to perform the Exchange Management tasks are assigned, users can now run the “Enable Remote Mailbox” command.
Output of the Solution
The end result of performing the above steps is that the On-premises Exchange Server has been provided with permissions sufficient enough to create a remote mailbox in it. And now the users can run Enable-RemoteMailbox cmdlet as stated in the beginning without worrying for any error.
What is the ultimate solution?
So, the manual technique described above could help users facing trouble due to the “Insufficient rights” error. Also, we have a full-proof solution for you to access one Exchange version data to another Exchange version by direct automated migration software the Exchange Migrator. It is a robust and most secure tool that allows shifting or moving data from any one version of Exchange Server to another version quite conveniently. Exchange Migration tool supports all Exchange Server versions including the latest Exchange 2019 for migration. Apart from secure migration, it offers migrating only desired data to the destination with intuitive filter options. The User Interface is quite interactive and user-friendly. Get more knowledge about the features and working of the tool at its website link. Users can download the free demo version of the tool and experience its working themselves before going to buy its full version.
A simple manual way to deal with the error occurred in Exchange Server 2016 – “Insufficient Access Rights to Perform the Operation” while trying to enable a remote mailbox causing the failure of the operation is discussed and an alternative solution Exchange Migrator tool for moving and accessing the data in difficult solutions in different versions of Exchange Server is also brought in light for all users.