[Error Fixed]: Remove MailboxDatabase Operation Fails to Clean up Health Mailboxes Error in Exchange
Summary: The “Remove MailboxDatabase operation fails to clean up health mailboxes” error usually occurs due to explicit deny permissions to delete objects in the monitoring mailboxes container. In this post, we will discuss this error in detail and provide some possible fixes to resolve it. We will also mention an Exchange repair software that can come in handy if the database gets corrupted.
There are various reasons for removing a mailbox database from the Exchange Server, such as splitting the data into multiple databases, deleting an unwanted database, and others. However, when trying to remove a mailbox database from the Exchange Server, you may face a situation where the remove process fails and you get an error message similar to the following:
Failed to remove monitoring mailbox object of database "<database name>". Exception: Active Directory operation failed on <server name>. The error is not retriable. Additional information: Access is denied. Active Directory response: 00000005: SecErr: DSID-031520B2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0.
The above error message indicates a permissions issue. The likely reason is that the Exchange Server Security Group has an explicit Deny permission to delete objects in the Monitoring Mailboxes container. This is a default security feature in Exchange Server that can override other permissions. In addition, you may fail to remove or delete a mailbox database if it contains any mailboxes or other items.
Below, we will discuss the solutions to fix the Remove MailboxDatabase operation fails error in Exchange Server.
Solutions to Resolve the Remove MailboxDatabase Operation Fails Error in Exchange Server
First, check the audit log and change management to find the cause behind such an issue and to understand what has changed recently on the server. This will assist in finding the root cause. If the cause is not clear, then follow the given solutions to resolve the issue.
1. Add Explicit Allow Permission to the Security Group
As the issue is related to permissions, you can add an explicit Allow permission for the Security Group on the Monitoring Mailboxes container to resolve it. To change the permissions, follow the steps below:
1. On the system, navigate to Administrative Tools, and select Active Directory Users and Computers.
2. Click on View and check if Advanced Features is selected. If not, then select it.
3. From the list, double-click on Microsoft Exchange System Objects.
4. Then, right-click on Monitoring Mailboxes and click on Properties.
5. In the Properties window, select the Security tab.
6. Select Advanced and then click on Select a principal.
7. Click the Add button and type Exchange Servers in the Enter the object names to select field.
8. Click on Check Names and click OK.
9. Select the Allow option for the Delete Subtree permission and click OK.
10. Click OK in all the other windows and wait for the AD Replication.
Once the AD is successfully replicated, try to remove the mailbox database.
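To see which delete-related entries are actually on the container before and after the change, the following read-only check can be used. It is an added example, not part of the original post; it assumes the RSAT ActiveDirectory PowerShell module is installed and that the container sits at the default location under the domain root (the `$containerDn` value and the `Get-DeleteAce` helper name are assumptions).

```powershell
# Read-only audit of delete-related ACEs on the Monitoring Mailboxes container.
# Assumption: default container location under the domain root; adjust $containerDn otherwise.
Import-Module ActiveDirectory   # also provides the AD: drive used by Get-Acl

$domainDn    = (Get-ADDomain).DistinguishedName
$containerDn = "CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,$domainDn"

# Rights that control deleting the object, its children, or the whole subtree.
# "Delete Subtree" in the Security dialog corresponds to DeleteTree here.
$deleteRights = [int][System.DirectoryServices.ActiveDirectoryRights]'Delete, DeleteChild, DeleteTree'

function Get-DeleteAce {
    param([Parameter(Mandatory)][string]$DistinguishedName)

    (Get-Acl -Path "AD:\$DistinguishedName").Access |
        Where-Object { ([int]$_.ActiveDirectoryRights -band $deleteRights) -ne 0 } |
        Select-Object @{ n = 'Principal'; e = { $_.IdentityReference.Value } },
                      @{ n = 'Type';      e = { $_.AccessControlType } },
                      @{ n = 'Rights';    e = { $_.ActiveDirectoryRights } },
                      IsInherited
}

$aces = @(Get-DeleteAce -DistinguishedName $containerDn)
$aces | Sort-Object Type, Principal | Format-Table -AutoSize

# Flag the condition the error message points at: a Deny entry for Exchange Servers.
$deny  = @($aces | Where-Object { $_.Type -eq 'Deny'  -and $_.Principal -like '*\Exchange Servers' })
$allow = @($aces | Where-Object { $_.Type -eq 'Allow' -and $_.Principal -like '*\Exchange Servers' })

if ($deny.Count -gt 0) {
    Write-Warning "Exchange Servers has $($deny.Count) Deny entry(ies) covering delete rights on $containerDn"
}
if ($allow.Count -eq 0) {
    Write-Warning "No Allow entry covering delete rights was found for Exchange Servers"
}
```

Saving the output from before and after the change gives a record of exactly which entry was added, which is useful for the change log mentioned earlier.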
2. Check AD Replication and Domain Controller Health
There is also a possibility that there are replication issues or corruption in the Active Directory schema that might be causing such issues. If the problem persists even after assigning the permissions, then run a full diagnosis of the Active Directory. You can perform a Domain Controller Diagnostics on domain controllers, including a replication check.
To perform Domain Controller Diagnostics, open Command Prompt as an administrator and run the following command:
dcdiag
The above command will give an overview of the health and status of the schema.
Now, check the replication summary to find out if there is any issue in the Active Directory replication process. For this, use the repadmin command as given below:
Repadmin /replsummary
Note: You need to execute the above commands on all the domain controllers in the infrastructure, even on the read-only domain controllers.
3. Check and Move Mailboxes to Another Database
You may fail to remove or delete a mailbox database if there are still mailboxes in the database. So, before deleting a database, move the mailboxes (if any) from the database to another database. Let’s see how to check and move the mailboxes to another database.
Open a PowerShell window as an administrator and run the Get-Mailbox cmdlet as given below to get the list of all the mailboxes in the database:
Get-Mailbox -Database <Name of source database>
If there are any mailboxes in the database, use the New-MoveRequest cmdlet as given below to move the mailboxes to another database:
New-MoveRequest -Identity <mailbox ID> -TargetDatabase <Name of destination database>
You can check the status of the move request by using the Get-MoveRequestStatistics command (see the below example).
Get-MoveRequestStatistics -MoveRequestQueue <Name of Target Database>
In the command output, see the PercentComplete column. If it shows 100, it means that the mailbox is moved to the target database.
Use the above steps to move all the mailboxes to the destination database.
When all the mailboxes are moved to another database, remove all the move requests by using the following command:
Get-MoveRequest -ResultSize Unlimited | Remove-MoveRequest -Confirm:$false
Now, try to remove or delete the mailbox database.
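The plain Get-Mailbox call above lists only regular mailboxes; archive, arbitration, monitoring, audit log, and public folder mailboxes are returned only when the matching switch is passed, and any of them can still be in the database. The following inventory is an added example, not part of the original post, and goes beyond the steps above by covering those mailbox types and outstanding move requests. It assumes the Exchange Management Shell on Exchange 2013 or later; `DB01` is a placeholder database name and `Get-DatabaseBlocker` is a hypothetical helper name.

```powershell
# Pre-removal inventory: everything that still references the database.
# Assumption: run in the Exchange Management Shell; 'DB01' is a placeholder name.
function Get-DatabaseBlocker {
    param([Parameter(Mandatory)][string]$Database)

    # Each entry is the extra switch Get-Mailbox needs to return that mailbox type.
    $queries = [ordered]@{
        User         = @{}
        Archive      = @{ Archive      = $true }
        Arbitration  = @{ Arbitration  = $true }
        Monitoring   = @{ Monitoring   = $true }
        AuditLog     = @{ AuditLog     = $true }
        PublicFolder = @{ PublicFolder = $true }
    }

    foreach ($kind in $queries.Keys) {
        $switches = $queries[$kind]
        Get-Mailbox -Database $Database -ResultSize Unlimited @switches |
            ForEach-Object {
                [pscustomobject]@{ Kind = $kind; Name = $_.Name; Detail = $_.RecipientTypeDetails }
            }
    }

    # Move requests into or out of the database, whatever their state.
    $moves  = @(Get-MoveRequest -SourceDatabase $Database -ResultSize Unlimited)
    $moves += @(Get-MoveRequest -TargetDatabase $Database -ResultSize Unlimited)
    foreach ($move in $moves) {
        [pscustomobject]@{ Kind = 'MoveRequest'; Name = $move.DisplayName; Detail = $move.Status }
    }
}

$blockers = @(Get-DatabaseBlocker -Database 'DB01')
$blockers | Sort-Object Kind, Name | Format-Table -AutoSize

if ($blockers.Count -eq 0) {
    Write-Output "Nothing references DB01; the database can be removed."
} else {
    # Summary by type, so it is clear what still has to be moved or cleaned up.
    $blockers | Group-Object Kind | Select-Object Name, Count
}
```

A move request listed with a status other than Completed is still in flight; removing it cancels that move, so check the Detail column before running the bulk Remove-MoveRequest command.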
To Conclude
You may encounter the “Remove MailboxDatabase operation fails to clean up health mailboxes” error when removing a mailbox database due to permission issues, Active Directory replication problems, or issues with the domain controller. You can follow the solutions given above to troubleshoot and resolve the error. If the remove mailbox operation has failed because there are still mailboxes in the database, then check and move the mailboxes to another database.
You may face problems when moving the mailboxes from the database if it is corrupted. In such a case, you can take the help of a third-party Exchange database recovery software, such as Stellar Repair for Exchange. The software can quickly and easily repair the corrupt Exchange database file of any size and from any Exchange Server version. It then exports the mailboxes from the repaired database to PST or directly to a live Exchange Server database. It can also export the mailboxes and other data from the EDB file to a Microsoft 365 account.