Error when you move a mailbox in an Exchange Server 2013 environment: Cannot set folder security descriptor with non-canonical ACL
Original KB number: 2764844
When you try to move a mailbox in a Microsoft Exchange Server 2013 environment, you receive the following error message:
Error: Cannot set folder security descriptor with non-canonical ACL.
This issue occurs because the mailbox has a corrupted access control list (ACL).
To resolve this issue, follow these steps:
Run the following commands to identify the ACL that causes this issue:
$mr = get-moverequeststatistics -IncludeReport <mailboxIdentity> $mr.Report.Failures
Remove the corrupted ACL by using the ExFolders tool.
To work around this issue, run the following
new-MoveRequest cmdlet together with the
New-moverequest -Identity <username> -Target Database "database name" -SkipMoving:FolderViews
When you move the mailbox by using the
-SkipMoving:FolderACls switch, Exchange Server 2013 doesn't move the ACLs of the folders in the mailbox. Therefore, after you move the mailbox, all the folders have default permissions.