If you end up with message Action ‘Disable’ could not be performed on object ‘name’ along with “Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0”, there is an explanation and solution for this issue.
Is the active directory account for the Mailbox disabled? If yes, Mailbox is probably lost permission on SELF account. I would recommend enable the Active Directory account to disable or delete the mailbox.
Now the real explanation would be the account Exchange Trusted Subsystem don’t have permissions for the account to remove the Exchange attributes. It may be due the permissions are NOT inheriting to the user account.
The solution is to do the two things.
1. Give Exchange Trusted Subsystem account Full Control over the User account
- Open Active Directory Users and Computers console
- Click View –> Advanced Features
- Find the User account and double click to open the properties.
- Click on Security Tab
- Select Exchange Trusted Sub System and check the box for Full control permission.
2. Enable permission In-heritance
- On the Security tab on user account properties (see above picture), click on Advanced button
- Check the box for
Wait for Active Directory Replication to happen or trigger manual replication between servers and sites. Try disable or delete operation again on the same mailbox.
If that works for you, reply “Yay!” for me here.