Cannot set the security descriptor of mailbox – Exchange PowerShell error when assigning permissions in Exchange 2010/2013 or 2016 co-existence

You may come across this error especially if you have not fully migrated all user mailboxes to your new exchange 2013 or 2016 servers, you are in-between migration, or you have a co-existence 2010/2013 or 2010/2016 and mailboxes get moved between those different Exchange databases, especially when you have to add full access permissions for users.

Screenshot_1

“Cannot set the security descriptor of mailbox…….. in exchange mailbox database ……..”

Below command was executed to grant full access permission to userB on userA mailbox:-

Add-MailboxPermission -Identity "userA" -User "userB" -AccessRights FullAccess -InheritanceType All

And I got the error described above.

Cause:-

Powershell is throwing this error because the mailbox that you are trying to add the full access permission is now hosted in a higher version of exchange than the server you are running the powershell command from.

In my case, it means i should be running the full access commandlet above in Exchange 2016 exchange management shell where the mailbox of userA is now hosted after it was migrated from Exchange 2010.

Solution:-

  1. Check which database the mailbox is currently on, and which version of Exchange server.

Get-Mailbox -Identity UserA | fl database,exchangeversion

2. Use Exchange powershell on a higher version of  exchange where the mailbox now resides after migration. If mailbox was migrated from Exchange 2010 to Exchange 2016, so you will have to run the command from Exchange 2016 management shell to add the permissions successfully.

Add-MailboxPermission -Identity "userA" -User "userB" -AccessRights FullAccess -InheritanceType All

You can always refer to this Microsoft technet link to know your versions of Exchange from the exchangeversion result you get 🙂 

https://technet.microsoft.com/en-us/library/hh135098(v=exchg.150).aspx

Leave a comment and let me know if it worked for you.