I installed Exchange 2013 into our existing Exchange 2010 environment.  I have moved 2 mailboxes (one of them mine) from Exchange 2010 to one of the Exchange 2013 databases.  The mail seems to be flowing properly.

I do not seem to be able to perform mailbox administration in Exchange 2013.  I am trying to grant another user ID "send as" permission to my mailbox.  I can select the user ID, but when I click "Save" I get the message: "Active Directory operation failed on DC1.mycorp.com.  This error is not retriable.  Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0."

I verified that I am a member of the Organization Management role group as well as being a member of the Exchange Organization Administrators security group.  I am a member of all Exchange and Domain administrative groups except Schema Admins.  I can still perform full administration within Exchange 2010.

I also tried logging in as the administrative userID I used when installing Exchange 2013, but got the same results.

Any idea why I am unable to manage mailboxes in Exchange 2013?

Thank you very much for your help.

• Edited by Logan Burt 15 hours 48 minutes ago punctuation correction

Hi ,

Through dsa.msc console ,Please check the option "enable inheritance" on the user account on which you are trying to apply the full access.

Another option is to provide the full access by using the exchange management shell and for that also we need to have the option "enable inheritance" needs to be enabled on the user object on which you needs to apply the send as access.

Add-ADPermission "nithya" -User "karthick" -Extendedrights "Send As"

On the above example karthick will be getting the send-as permission over nithya's mailbox.

Hi Logan,

from where did you try to manage Exchange 2013 mailboxes?

Exchange 2010 or Exchange 2013 console?

By default Exchange 2010 cannot manage Exchange 2013 mailboxes and vise versa.

Try Managing from Exchange 2013 EAC or Exchange 2013 EMS it should help you.

Is this issue with all users or few users or users in a Specific OU.

problem 4003 (INSUFF_ACCESS_RIGHTS) is usually due to Inheritance Block.

In case if this is an issue with one user you might have to allow inheritance as suggested by S.Nithyanandham.

In case if it is with users in Specific OU then make sure that the OU in which problematic users exists doesn't have inheritance block.

revert back with the information i have request for !

Thank you very much!  Once I enabled inheritance, I was able to grant access. 

This does bring up another concern, though.  This mailbox is from a privileged account, so inheritance was blocked by default.  Am I creating another problem by enabling inheritance, or is it safe to do so?

Thanl you again for the answer.

Hi ,

Based on my knowledge , enabling the inheritance on the user mailbox will not harm anything.

Good to know.  Thank you again; I really appreciate the help.