Click on the Category button to get more articles regarding that product.
ERROR: You want to delete a Exchange MAILBOX of a user. The user account is decativated.
Crypt error: 0000005: SecErr: DSID-03152d1c, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
This is because a local normal employee user has the ADMINSholder/adminCount flags set to 1/true. (Which is not good in Domain Environments)
This is because the Active Directory user account has inheritance for security permission disabled:
You can find info what that means here in detail explained from us:
https://www.butsch.ch/post/exchange-activesync-1053-event-4003-error-2007201020132016-adminsholder/
To found affected accounts:
Here is PowerShell sample to find the users under your ROOT ADS with excluding certain OU Like deactivated or service:
Get-ADUser -Filter {admincount -gt 0} -Properties adminCount -ResultSetSize $null -SearchBase “DC=yourdomain,DC=local” | Where-Object { $_.DistinguishedName -notlike “*OU=Benutzer_deaktiviert*” -and $_.DistinguishedName -notlike “*OU=SERVICE_users_IT*” -and $_.DistinguishedName -notlike “*CN=Users,DC=yourdomain,DC=local” } | Format-List DistinguishedName, Enabled, SamAccountName
Workaround for those accounts so you can delete the Mailbox in Exchange ECP or Powershell.
Check the user account
After that you can Delete the Mailbox with no error.