
While trying to create a remote mailbox for an on-premises AD user, Exchange may throw an ‘Insufficient access rights’ error if you don’t have sufficient permissions. This error usually occurs in a hybrid Exchange environment, when you try to create an Office 365 mailbox for an on-premises AD user by running the following cmdlet:

Enable-RemoteMailbox "username" -RemoteRoutingAddress <SMTP address of the mailbox>

The error message looks like this:

Error: “Active Directory operation failed on <xxxxx>. This error is not retriable. Additional information: Insufficient access rights to perform the operation.”

The error indicates that the settings in Exchange 2016 do not provide full permissions, so access to the mailboxes is prohibited.

How to Resolve the Error?

You can fix this issue by following these steps:

Step 1. Open the Active Directory object of the on-premises Exchange user. Go to the Security tab.

Step 2. A list of permissions is displayed. Compare this list of permissions with that of another user account that works properly. To fix the permission differences, click Advanced.

Step 3. Now verify that all the permissions are enabled. Click the Enable Inheritance tab and enable the Include inheritable permissions from this object’s parents option. Finally, click OK.


After this step, Exchange has all the permissions required to create a remote mailbox for the AD user. Run the Enable-RemoteMailbox cmdlet once again; this time it should complete without any errors.
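
The same check and fix as Steps 1 to 3, scripted in PowerShell. This is an added example, not part of the original article; it assumes the ActiveDirectory module (RSAT) is installed, and the account names failing.user and working.user are placeholders.

```powershell
# Added example: audit and re-enable ACL inheritance on one AD user object.
# Assumes the ActiveDirectory module (RSAT); both account names are placeholders.
Import-Module ActiveDirectory

$failing = Get-ADUser -Identity 'failing.user' -Properties adminCount  # placeholder
$working = Get-ADUser -Identity 'working.user'                         # placeholder

$failPath = "AD:\$($failing.DistinguishedName)"
$failAcl  = Get-Acl -Path $failPath
$workAcl  = Get-Acl -Path "AD:\$($working.DistinguishedName)"

# Reduce an ACE to a comparable string.
function Get-AceKey($Ace) {
    '{0}|{1}|{2}|{3}' -f $Ace.IdentityReference, $Ace.ActiveDirectoryRights,
                         $Ace.AccessControlType, $Ace.ObjectType
}

# Step 2: ACEs present on the working account but absent from the failing one.
$have    = @($failAcl.Access | ForEach-Object { Get-AceKey $_ })
$missing = @($workAcl.Access | Where-Object { (Get-AceKey $_) -notin $have })
"Inheritance disabled on failing account: $($failAcl.AreAccessRulesProtected)"
$missing | Select-Object IdentityReference, ActiveDirectoryRights, IsInherited |
    Format-Table -AutoSize

# Step 3: turn inheritance back on only if it is actually off.
if ($failAcl.AreAccessRulesProtected) {
    if ($failing.adminCount -eq 1) {
        # Accounts flagged by AdminSDHolder have their ACL reset periodically,
        # which disables inheritance again after this change.
        Write-Warning "$($failing.SamAccountName) has adminCount=1; the fix will not persist."
    }
    # $false = not protected (inherit from parents); the second argument is
    # only meaningful when protecting, so its value is ignored here.
    $failAcl.SetAccessRuleProtection($false, $true)
    Set-Acl -Path $failPath -AclObject $failAcl
    "Inheritance enabled on $($failing.DistinguishedName)"
}
```

Appending -WhatIf to the Set-Acl line previews the change without writing it.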

Conclusion

Sometimes, an “Insufficient rights…” error is displayed when you try to create a remote mailbox for an AD user in a hybrid Exchange environment. This is because you don’t have sufficient permissions. You can fix this issue from AD by enabling inheritance for the user.
