Microsoft KB Archive/842033

= &quot;Access Denied&quot; error message when you move mailboxes by using the Exchange Task Wizard in Exchange Server 2003 =

Article ID: 842033

Article Last Modified on 10/25/2007

-

APPLIES TO


 * Microsoft Exchange Server 2003 Enterprise Edition
 * Microsoft Exchange Server 2003 Standard Edition

-





SYMPTOMS
When you try to move a mailbox by using the Exchange Task Wizard in Microsoft Exchange Server 2003, an access denied error message that is similar to the following appears in the Task Wizard report file:   - 



- 

-



CAUSE
This issue may occur if the account that you are using to run the Exchange Task Wizard does not have the correct permissions for the following attributes on the user object:

'''Read/write msexchhomeservername

Read/write homemdb

Read/write homeMTA

Read/write msExchOmaAdminWirelessEnable

Read/write msExchOmaAdminExtendedSettings

Read/write targetAddress

'''

This issue typically occurs in a multiple-domain forest where your account and the user's account that you want to move exist in different domains. Although you may be a domain administrator of your domain, you are not a domain administrator of the remote domain where the user's account exists.

Note The Microsoft Exchange 2000 move-mailbox operation does not look for the msExchOmaAdminWirelessEnable attribute or for the msExchOmaAdminExtendedSettings attribute.



RESOLUTION
To resolve this issue with the minimum set of permissions, you must assign the following attributes on the organizational unit that contains the user object. You must assign the attributes either to yourself or to your Domain Admins group:

'''Read/write msexchhomeservername

Read/write homemdb

Read/write homeMTA

Read/write msExchOmaAdminWirelessEnable

Read/write msExchOmaAdminExtendedSettings

Read/write targetAddress

'''

To do this, follow these steps:  Start Active Directory Users and Computers. On the View menu, click Advanced features. Right-click the organizational unit that contains the user account whose mailbox you want to move, and then click Properties. Click the Security tab.</li> Click Add, and then add either your account or the Domain Admins group that contains the domain administrators who will use the Exchange System Manager to move mailboxes that belong to the remote domain.</li> With the Domain Admins group selected or with your administrative user selected, click Advanced.</li> With the appropriate permissions entry selected, click Edit. (If you are using Microsoft Windows 2000, click View/Edit ).</li> Click the Properties tab, and then click User Objects in the Apply onto box.</li> Click to select the check box in the Allow column for the following permissions:

'''Read/write Exchange Home Server

Read/write Exchange Mailbox Store

Read/write homeMTA

Read/write msExchOmaAdminWirelessEnable

Read/write msExchOmaAdminExtendedSettings

Read/write targetAddress'''

</li> Click OK to close the open dialog boxes.</li> Force Active Directory replication over all connections between domain controllers, or wait for all domain controllers in the domain to replicate. To force Active Directory replication, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.</li> Expand Sites, expand Default-First-Site-Name, expand Servers, expand, and then click NTDS Settings.</li> In the right pane, right-click each connection that is listed, and then click Replicate Now.</li> Quit the Active Directory Sites and Services snap-in.</li></ol> </li></ol>

<div class="moreinformation_section">

MORE INFORMATION
To resolve this issue, you can also add your account to the remote domain's built-in Administrators group; however, we do not recommend this method.

Note To view the Task Wizard report file, click to select the View detailed report when this wizard closes check box after the move-mailbox operation is complete. The Task Wizard report file is stored in the following folder:

%systemdrive%\Documents and Settings\ \My Documents\Exchange Task Wizard Logs

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Keywords: kbnofix kberrmsg kbbug KB842033

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.