Issue deleting Mailbox – Active directory response: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Recently, one of my customers reported a problem that he was unable to delete a mailbox of a former employee.
When trying to do this in the Exchange admin Center (EAC), he received the following error message:

 

I tried to delete the mailbox via the Exchange Management Shell, but I knew that this probably wouldn’t work either. However, if it failed on the shell I would get a better error description.
My attempt was to delete the mailbox with the command:

I like to use the -Force command when I have the assumption that “normal” will not work.
After issuing the command I got the following output:

 

If we take a closer look at the error message, it is about the following message:
Access is denied. Active directory response: 00000005: SecErr: DSID-03152501, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

This error message can be interpreted to indicate that there is an authorization problem and the mailbox/active directory account cannot be deleted.
In most cases this problem can be solved relatively easily. First of all you have to check which permissions were given to the user. Should this user be Domain Admin, Enterprise Admin, etc. Should these permissions be removed in a first step.

In a second step there is usually a problem with the inheritance of permissions. To be able to view and edit them we need to display the Advanced Features in the Active Directory Users and Computers:

 

Then we browse to the relevant user and open the properties:

 

On the Security tab we click on Advanced:

 

Here we click on Enable inheritance and confirm this with Apply:

 

Afterwards we get a warning regarding the inheritance.

 

Note:
I recommend that you also check if the Exchange Trusted Subsystems are authorized, often this can lead to such problems as well:

 

After we made these adjustments, I switched back to the Exchange Management Shell and ran my command to delete the mailbox:

This time the input was successful and I could delete the no longer needed mailbox…

 

 

 

 

Photo by Steve Johnson on Unsplash


Leave a Reply

Your email address will not be published. Required fields are marked *