Exchange 2010 issue

Currently at one site we have an Exchange 2003 and 2010 mixed environment. My colleague set up the Exchange 2010 server and left almost right afterwards. Before I went on leave two weeks ago, I could move mailboxes from the 2003 to 2010 without any problems. I moved a handful of mailboxes to the new 2010 server.

This week I have tried moving mailboxes again and I am getting an insufficient rights error. I googled the error and it appears to be "one of the common errors when moving mailboxes". The solution for that specific error is to make sure inheritable rights is enabled on the user accounts. I have checked this setting and it is enabled, and the problem still persists when moving mailboxes.

On a separate issue, we had a user leave that was marked as non-visible on the GAL. A user wanted to access her mailbox so I re-enabled the mailbox visibility but it was not showing up. So I googled how to run a GAL update on the 2010 server. The update went through OK but strangely I get the same error on that specific account that I get when moving mailboxes:

Error on the GAL update:
WARNING: Failed to update recipient "******/Users/Leavers/username". The following exception occurred: Active Directory operation failed on ******. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Error on mailbox move:
Insufficient Access Rights to Perform the Operation

Error:

Active Directory operation failed on DC.domain.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation.

Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The user has insufficient access rights.

Exchange Management Shell command attempted:

‘domain.com/Users/User Name’ | New-MoveRequest -TargetDatabase ‘User Mailbox Database’

Any idea what might have caused this issue?
 
I logged in to the Exchange server with the main admin account that has the only Exchange management role. I ran a command on the Exchange 2010 server to see which accounts had that role because the backup software required an account with that role. So I know the admin account has that role.

The admin account has full permissions over every mailbox through the AD Security tab. Admittedly the permissions on the AD accounts are quite messy as they go back 10 years.

edit: http://www.petenetlive.com/KB/Article/0000719.htm

Found this article, any risk in enabling inheritable permissions on the AdminSDHolder OU?

OK, I did the change and it's fixed. Never mind.
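
An added example, not part of the original posts: a read-only PowerShell audit that lists every user whose ACL blocks inheritance and shows whether that comes from current membership of an AdminSDHolder-protected group, a stale `adminCount`, or a manual change. It assumes the ActiveDirectory module (RSAT) is available, and the group list is an assumed subset of the protected groups.

```powershell
# Added example: read-only audit; it changes nothing in Active Directory.
Import-Module ActiveDirectory

# Assumption: a subset of the groups protected by AdminSDHolder; adjust for your domain.
$protectedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
                   'Account Operators', 'Backup Operators', 'Server Operators', 'Print Operators'

# Map the DN of every direct or nested member to the protected group it came from.
$protectedDns = @{}
foreach ($group in $protectedGroups) {
    try {
        Get-ADGroupMember -Identity $group -Recursive |
            ForEach-Object { $protectedDns[$_.DistinguishedName] = $group }
    } catch {
        Write-Warning "Could not enumerate '$group': $($_.Exception.Message)"
    }
}

# Users whose ACL blocks inheritance are candidates for the INSUFF_ACCESS_RIGHTS
# error quoted in the thread, because inherited Exchange permissions do not reach them.
Get-ADUser -Filter * -Properties adminCount, nTSecurityDescriptor |
    Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
    Select-Object SamAccountName,
        @{ n = 'AdminCount';     e = { $_.adminCount } },
        @{ n = 'ProtectedGroup'; e = { $protectedDns[$_.DistinguishedName] } },
        @{ n = 'Finding'; e = {
            if ($protectedDns.ContainsKey($_.DistinguishedName)) {
                'Currently protected: SDProp will keep inheritance disabled'
            } elseif ($_.adminCount -eq 1) {
                'Stale adminCount: former protected-group member'
            } else {
                'Inheritance disabled manually'
            }
        } } |
    Sort-Object Finding, SamAccountName |
    Format-Table -AutoSize
```

The AdminSDHolder ACL is the template SDProp stamps onto every protected account, so anything granted there reaches all privileged accounts; rows reported as stale or manual can instead be corrected on the individual account.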
 