When trying to demote a Domain controller with DCPROMO, you may receive this error
Error:
Network Credentials
The operation failed because: The attempt at remote directory server <Servername> to remove directory <servername to remove> was unsuccessful. “Access is denied.”
Click Next
Optional select “Reboot on completion”
Error message, your unable to add an account .
Solution:
In AD Sites and Services, go to the server you want to remove => select the properties of the NTDS settings => tab Object => DESELECT ‘Protect object from accidental deletion’ => OK (Wait about half an hour when you have multiple domain controllers for synchronization.
Optional you may also need to deselect the same option at the properties of the Domain Controller, in AD Users and Computer
Try the DCPROMO again, and this will work.