none
c# powershell Enable-Mailbox cmdlet throw below error RRS feed

  • Question

  • Getting below error in event log while trying to enable-mailbox for an existing user through web application by ushing runspaceconfiguration powershell. I am executing enable-mailbox code as an administrator user by using Impersonate, application is not throwing any error but getting error in event log:

    Log Name:      MSExchange Management

    Source:        MSExchange CmdletLogs

    Date:          12-04-2013 10:43:01

    Event ID:      6

    Task Category: (1)

    Level:         Error

    Keywords:      Classic

    User:          N/A

    Computer:     

    Description:

    The description for Event ID 6 from source MSExchange CmdletLogs cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    Enable-Mailbox

    {DomainController=abc-xyz-lxm.childDomain.ParanetDomain.com, Alias=sunil.saini, Identity=LE1007, Database=DataStorage}

    Default Host-Local

    2620

    10

    00:00:04.2189390

    View Entire Forest: 'True',

    Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on ABC-MUM-DC01.ABC.UATGROUP.COM. This error is not retriable. Additional information: Insufficient access rights to perform the operation.

    Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

    ---> System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.

       at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)

       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)

       at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, IAccountingObject budget, Nullable`1 clientSideSearchTimeout)

       at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)

       --- End of inner exception stack trace ---

       at Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)

       at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)

       at Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties)

       at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientSession.Microsoft.Exchange.Data.IConfigDataProvider.Save(IConfigurable instance)

       at Microsoft.Exchange.Management.RecipientTasks.EnableMailbox.PrepareRecipientObject(ADUser& user)

       at Microsoft.Exchange.Management.RecipientTasks.EnableRecipientObjectTask`2.PrepareDataObject()

       at Microsoft.Exchange.Configuration.Tasks.SetTaskBase`1.InternalValidate()

       at Microsoft.Exchange.Configuration.Tasks.ObjectActionTask`2.InternalValidate()

       at Microsoft.Exchange.Configuration.Tasks.RecipientObjectActionTask`2.InternalValidate()

       at Microsoft.Exchange.Management.RecipientTasks.EnableMailbox.InternalValidate()

       at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()

    ServerOperation

    System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.

       at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)

       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)

       at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, IAccountingObject budget, Nullable`1 clientSideSearchTimeout)

       at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)

    the message resource is present but the message is not found in the string/message table

    Tuesday, April 16, 2013 6:20 AM

All replies

  • Hi SunilSSaini,

    As per the event description, it seems like an authentication error.

    "Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on ABC-MUM-DC01.ABC.UATGROUP.COM. This error is not retriable. Additional information: Insufficient access rights to perform the operation.

    Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

    ---> System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights."

    "System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights."

    Please go through the following post for correct implementation of impersonation.

    http://www.codeproject.com/Articles/4051/Windows-Impersonation-using-C

    Tuesday, April 16, 2013 7:22 AM
  • Hi

    Check this

    http://www.itexperience.net/2011/06/27/active-directory-operation-failed-insuff_access_rights-in-exchange-2010/

    You should first enable the Advanced Features in ADUC. To solve your problem, these are basically the steps you need to perform:
    Open Active Directory Users and Computers with domain administrative rights.
    Choose View, and check Advanced Features
    Locate the user in Active Directory, right click and choose Properties
    Go to the tab Security and uncheck and recheck the Include 
    inheritable permissions from this object’s parent option.
    This will re-apply the permissions


    Whenever you see a helpful reply, click on Vote As Helpful & click on Mark As Answer if a post answers your question.

    Tuesday, April 16, 2013 7:35 AM