QMM Error: Active Directory property ‘homeMDB’ is not writeable on recipient


During a migration to Exchange 2013 using Migration Manager for Exchange 8.10, the following error showed up in the UnifiedMailSync log:

System.Management.Automation.RemoteException: Active Directory property ‘homeMDB’ is not writeable on recipient ‘domain.org/Users/Power Users/Smith, John’.

It took approximately 30 minutes to track down the root cause of this, including verifying all minimum permissions were in place. Finally I started comparing individual users and noticed that the ACLs on this particular user were different from the permissions in place on other users. I realized that this was an issue that I had seen many times: this user had once been a member of a protected group and wasn’t inheriting permissions.

The solution is straightforward, and documented in a Microsoft KB article.

Resolving the Issue

First, ensure the user is not a member of any protected groups, which are listed at the bottom of this post. If they are a member of a protected group, remove them from the group.

Using ADSI Edit, connect to the Domain Partition of the domain the user is located in.

Browse to the user, right click, and select Properties.

Locate the attribute adminCount, which should be set to 1. Click once on the attribute to highlight it.


Click Edit, and then click Clear in the next window.


Click OK, then click OK again.

Using Active Directory Users and Computers, browse to the user.

Right click on the user, select Properties.

Click on the Security tab, then click the Advanced button.

In the Advanced Security Properties window, you will notice that the box for Include inheritable permissions from this object’s parent is unchecked. Check it.


Click OK, then click OK again.
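The same three steps can be scripted. The function below is an added example, not part of the original post or the Microsoft KB article. It assumes the RSAT ActiveDirectory module; the function name `Repair-AdminSdHolderOrphan` and the account name `jsmith` are hypothetical.

```powershell
# Added example: scripted equivalent of the ADSI Edit / ADUC steps above.
Import-Module ActiveDirectory

function Repair-AdminSdHolderOrphan {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Identity)

    # Protected groups as listed at the bottom of this post.
    $protected = 'Administrators', 'Account Operators', 'Server Operators',
                 'Print Operators', 'Backup Operators', 'Domain Admins',
                 'Schema Admins', 'Enterprise Admins', 'Cert Publishers'

    $user = Get-ADUser -Identity $Identity -Properties adminCount, nTSecurityDescriptor

    # A DN such as "CN=Smith\, John,..." contains characters that must be
    # escaped before it is embedded in an LDAP filter (backslash first).
    $dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\(', '\28' `
                                  -replace '\)', '\29' -replace '\*', '\2a'

    # Step 1: stop if the account is still protected, directly or through
    # nested groups (1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN).
    # Otherwise the fix would simply be undone on the next AdminSDHolder pass.
    $stillIn = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" |
        Where-Object { $protected -contains $_.Name }
    if ($stillIn) {
        throw "$Identity is still in: $($stillIn.Name -join ', '). Remove the membership first."
    }

    # Step 2: clear adminCount (the ADSI Edit "Clear" action).
    if ($null -ne $user.adminCount -and
        $PSCmdlet.ShouldProcess($user.DistinguishedName, 'Clear adminCount')) {
        Set-ADUser -Identity $user -Clear adminCount
    }

    # Step 3: re-enable inheritance (the "Include inheritable permissions" box).
    $sd = $user.nTSecurityDescriptor
    if ($sd.AreAccessRulesProtected -and
        $PSCmdlet.ShouldProcess($user.DistinguishedName, 'Enable ACL inheritance')) {
        # $false = DACL no longer protected; the second argument is ignored here.
        $sd.SetAccessRuleProtection($false, $true)
        Set-ADObject -Identity $user -Replace @{ nTSecurityDescriptor = $sd }
    }
}

# Dry run first, then apply. 'jsmith' is a placeholder account name.
Repair-AdminSdHolderOrphan -Identity 'jsmith' -WhatIf
```

The in-chain filter does not evaluate the account's primary group, so confirm that separately if it has been changed from the default.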

List of Protected Groups

  • Administrators
  • Account Operators
  • Server Operators
  • Print Operators
  • Backup Operators
  • Domain Admins
  • Schema Admins
  • Enterprise Admins
  • Cert Publishers
