Migration error: Insufficient Rights (00002098: SecErr: DSID 0315145A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ). (4245750)

There's a target domain environment, which has very high levels of security setup. The service account is having Domain Admin privileges. However migration is failing with:

Error 0xe1000040. Per attribute apply failed for object
Error 0xe1000041. Apply of attribute extensionAttribute14 with value(s) = ID:FD0395E8A8F96946BAFAFDE674388DE9/A:/CF: failed. LDAP error 0x32. Insufficient Rights (00002098: SecErr: DSID-0315145A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ).
Error 0xe1000041. Apply of attribute extensionAttribute15 with value(s) = 407470A4C949414D85B9B31BFFE7BDA5 failed. LDAP error 0x32. Insufficient Rights (00002098: SecErr: DSID-0315145A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ).
Error 0xe1000041. Apply of attribute userAccountControl with value(s) = 512 failed. LDAP error 0x32. Insufficient Rights (00002098: SecErr: DSID-0315145A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ).

To validate that the issue is really caused by insufficient permissions of the specified target domain account, please do the following:
- open ADUC (dsa.msc) in "run as different user" mode and specify the service account, which was used in QMM for the target domain
- open any AD object, Attribute Editor and attempt to modify attributes, specified in QMM for stamping*
- if modification is grayed out, it means that there's not enough permissions for the service account. So either account's restrictions should be lifted, or different account specified, which has a higher level of privileges.

For granular permissions, please consult QMM document Migration Manager for AD 8.15 - Granular Account Permissions (quest.com)