Active Directory property ‘homeMDB’ is not writable on recipient

When attempting to move a user's mailbox from an on-premise Exchange environment to Office 365, you may encounter this error message: Active Directory property ‘homeMDB’ is not writable on recipient ‘ajheywood.com/users/test user’.

It basically means that the user's permissions are not correct, because the permission inheritance tick box is unticked on the user object.

Now you can go into the user's AD properties, open the Security tab, click Advanced and simply tick the box. Then, after waiting for the next AD Connect sync to occur, retry the mailbox move, which will work.

However, if you're like me and do lots of migrations, this will trigger you to think about how many other users' mailboxes might encounter an issue like this, and you will want to find that out before you get other mailboxes failing as well.

So I started searching for some nice PowerShell commands that I could use to do just this for me and I found this nice example shown below. What this script will do is search for any users who have an AdminCount of 1 and then clear it and tick the box to enable inheritance again.

For a detailed breakdown of each of the commands, see the original source of the script: https://blogs.msdn.microsoft.com/muaddib/2013/12/30/how-to-modify-security-inheritance-on-active-directory-objects-using-powershell/
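
An audit-first version of that clean-up, as an added example; it is not the script from the linked post. The `$SearchBase` value is a placeholder and the `-Fix` switch is this example's own parameter. Accounts that are still in a group stamped adminCount=1 are skipped, because the AdminSDHolder process would disable inheritance on them again.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not the script from the linked post.
param(
    [string]$SearchBase = 'OU=Users,DC=example,DC=com',  # placeholder: your own OU
    [switch]$Fix                                         # without -Fix, report only
)

# Users stamped adminCount=1; nTSecurityDescriptor holds the inheritance flag.
$users = Get-ADUser -SearchBase $SearchBase -LDAPFilter '(adminCount=1)' `
    -Properties adminCount, nTSecurityDescriptor

foreach ($user in $users) {
    $acl     = $user.nTSecurityDescriptor
    $blocked = $acl.AreAccessRulesProtected   # $true = inheritance box unticked

    # Escape the DN for use inside an LDAP filter (RFC 4515).
    $dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
        -replace '\(', '\28' -replace '\)', '\29'

    # Groups stamped adminCount=1 that the user belongs to, nested groups included.
    # Primary-group membership is not covered by this matching rule.
    $groups = @(Get-ADGroup -LDAPFilter `
        "(&(adminCount=1)(member:1.2.840.113556.1.4.1941:=$dn))")

    if ($groups.Count -gt 0) {
        # Still privileged: SDProp would re-apply adminCount and block inheritance.
        $action = 'Skipped: still in a protected group'
    } elseif (-not $Fix) {
        $action = 'Report only'
    } else {
        Set-ADUser -Identity $user -Clear adminCount
        if ($blocked) {
            # isProtected=$false re-enables inheritance from the parent OU.
            $acl.SetAccessRuleProtection($false, $true)
            Set-ADObject -Identity $user.DistinguishedName `
                -Replace @{ nTSecurityDescriptor = $acl }
        }
        $action = 'adminCount cleared, inheritance enabled'
    }

    [pscustomobject]@{
        User                = $user.SamAccountName
        InheritanceDisabled = $blocked
        ProtectedGroups     = $groups.Name -join '; '
        Action              = $action
    }
}
```

Run it without `-Fix` first and review the report; the skipped accounts are the ones whose group membership needs a decision before any permission change.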

One Comment

  1. Andy,
    wouldn’t the question be why the permission inheritance got disabled?
    Was it due to the fact that the user is a member of a protected security group aka AdminSDHolder?
    Cheers,
    Thomas
