Hi folks; I'm running Exchange 2010. When the original install was done we had two DC's and all was well. Recently, I added another DC. I went into Exchange to modify some user settings and got an INSUFF_ACCESS_RIGHTS error with respect to that new DC; -------------------------------------------------------- Microsoft Exchange Error -------------------------------------------------------- The following error(s) occurred while saving changes: Set-User Failed Error: Active Directory operation failed on dc2.newcontroller.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 The user has insufficient access rights. Is there something that needs to be done when adding a new domain controller?

Nothing should normally need to be done that's Exchange-specific when adding another domain controller. You could try rerunning Exchange 2010: Setup /PrepareLegacyExchangePermissions Setup /PrepareAD Setup /PrepareAllDomains Run these from the media for the latest service pack you've installed.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

I would ensure that your domain controllers are properly replicating. It sounds as though you may have DC that isn't operating correctly. There should be no need to rerun any of the setup steps. The below article overviews troubleshooting the domain: http://technet.microsoft.com/en-us/library/cc755349%28WS.10%29.aspxChris Raschke | C/D/H - www.CDH.com

Hi, Force the AD replica. Then try to modiy the user settings once again. If the issue persists, then rerun the setup prepare that was mentioned in Ed's post. Gen Lin TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com

Thanks for the replies everyone :-) I forced a replication from the other DC's and then re-tried modifying a user's settings and learned something new. I only seem to get that error when I'm modifying my own mailbox :-) This time is reported that it was accessing my first DC and coughed up the same error. So it seems to be related to that one particular mailbox. At this point I think I'll leave it alone for a while - it's not that important - yet :-) Thanks for the help everyone!