This article will assist you in resolving the issue with mailbox creation. When you try to create a mailbox for an existing user, this error occurs.
Here is an error code:
Active directory response: 00002098: SecErr: DSID-03150E49, problem 4003 (INSUFF_ACCESS_RIGHTS)
This is the first time we’ve run into this error while switching mailbox accounts that existed prior to Exchange Server deployment.
The complete text of the error message is as follows:
[PS] C:Windowssystem32>Get-User John | Enable-Mailbox Active Directory operation failed on dc.xxxxxx.local. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150E49, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 + CategoryInfo : NotSpecified: (:) [Enable-Mailbox], ADOperationException + FullyQualifiedErrorId : [Server=MAIL,RequestId=8c112c0a-8ad9-4cb2-9d28-a98ff374e8fe,TimeStamp=3/28/2016 8:30:15 PM] [FailureCategory=Cmdlet-ADOperationException] E848E14F,Microsoft.Exchange.Management.RecipientTasks.EnableMail box + PSComputerName : mail.xxxxxx.local
There is a simple solution there.
Open the Active Directory Users and Computers tool, choose a user, then use the appropriate button to allow inheritance.