Access rights error when moving mailboxes from Exchange Server 2003 to Exchange Server 2010

When I did the mailbox migrations from Exchange Server 2003 to Exchange Server 2010 yesterday, I received the following error for a couple of mailboxes:

Active Directory operation failed on <DomainControllerName>. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The user has insufficient access rights.

Exchange Management Shell command attempted:
’<PathtoOrganizationalUnit>’ | New-MoveRequest -TargetDatabase ‘Mailbox Database 147171981′ -BadItemLimit ‘-1′

In my case, this was caused by inheritable permissions for the user object. To check this setting do the following:

  1. On a domain controller, Open Active Directory Users and Computers.
  2. Make sure that you have advanced features activated. Choose view and then Advanced Features.
  3. Find the user that matches the mailbox you where trying to move.
  4. Open properties for the user and navigate to the Security tab.
  5. Click on Advanced and activate the checkbox Include inheritable permissions from this object’s parent”, then click Ok twice.

And that should do it, you can try to move the mailbox again and it should work. Thanks for reading and do not hesitate to let me know if you run in to any problems!