Active Directory operation failed on ad.domain.local. This error is not retriable. Additional information: Access is denied

When new mailbox created getting below error.

Active Directory operation failed on ad.domain.local. This error is not retriable. Additional information:
Access is denied.
Active directory response: 00000005: SecErr: DSID-031A1256, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : NotSpecified: (:) [New-Mailbox], ADOperationException
+ FullyQualifiedErrorId : [Server=exchange,RequestId=69610c9c-7840-4531-8193-bf1658170089,TimeStamp=5/25/2017 5:32:
27 AM] [FailureCategory=Cmdlet-ADOperationException] BCCD1276,Microsoft.Exchange.Management.RecipientTasks.NewMail
box
+ PSComputerName : exchange.domain.local

Solution:

1. On a domain controller for ECSC logged in with domain admin credentials, open “Active Directory Users and Computers”

2. Turn on Advanced features: View, Advanced features (should be checked when on)

3. Right click the Domain object, then click properties

4. In the properties windows, select “Security Tab”

5. Click advanced should look similar to:

6. To add the missing rights, click add

7. In “Enter the object name to select”, type: Authenticated Users then click “OK”

8. In the “Permissions Entry…” change Applly to: “This object only” and check Allow for “Unexpire password” and “Update password not required bit” like this:

9. Click “OK”

10. Click “OK” on the Advanced Security Settings

11. Click “OK” on the Domain Properties

12. To test, open LDP under the system context on the Exchange server, connect to the DC you made the changes on, and attempt to set the pwdLastSet to -1

13. Once domain replication is completed, this the new-mailbox command should work.

14. If 12 worked, please test the new-mailbox command

If it still doesn’t work, please post out the detailed event error message of this event.

Source credits : https://social.technet.microsoft.com/Forums/office/en-US/ea7b5f74-84db-4046-af0c-b742a77f47ac/unable-to-create-new-mailbox-permission-error?forum=Exch2016Adm#714946f0-aa0e-4c06-ac57-48504de9e7c6

 

 Category: Exchange
About Kingson Jebaraj

<p>Microsoft MVP, Blogger, Owner and Publisher for Cloudexchangers.com, Microsoft TechNet Author, Solution Architect, Former Office365 Technical Lead for Microsoft(Partner) </p> <p>Extensive knowledge and experience in Microsoft Exchange and Cloud Messaging Services and has got more exposure on Messaging environment deployment,migration,designing and other project management activities, I have earned real time experience in handling multi-site distributed critical large environment of messaging system.</p> <p>Been awarded as an MVP (Microsoft Most Valuable Professional) for Office Servers and services from Microsoft for an exceptional real world contribution made through Microsoft forums and other Microsoft communities.</p> <p>Currently working as “Solution Architect” on Private/Public cloud and SaaS environment for Pacific Controls, UAE, Dubai. One of the largest TIER III certified green data center campus in the middle east.</p>

Leave a Reply