When trying to demote a Domain controller with DCPROMO, you may receive this error
Error:
Network Credentials
The operation failed because: The attempt at remote directory server <Servername> to remove directory <servername to remove> was unsuccessful. “Access is denied.”
Click Next
Optional select “Reboot on completion”
Error message, your unable to add an account .
Solution:
In AD Sites and Services, go to the server you want to remove => select the properties of the NTDS settings => tab Object => DESELECT ‘Protect object from accidental deletion’ => OK (Wait about half an hour when you have multiple domain controllers for synchronization.
Optional you may also need to deselect the same option at the properties of the Domain Controller, in AD Users and Computer
Try the DCPROMO again, and this will work.
Thank you for posting this and the help.
Thank you, very helpful.
Trying also to demote a DC. However, the DC I’m trying to demote failed so I am not able to access it at all.
I’ve already removed the check mark for everything I could find relating to the server I am trying to be rid of. Still no luck. Still getting “Access is Denied” error.
Any other suggestions would be very much appreciated.
Hi Dave,
You must search for the real ‘access denied’ problem.
Is there something in eventlogs, of is there a server in the error message.
There must be a extra error message to find the real problem
Here some info about logging DCPROMO:
https://technet.microsoft.com/en-us/library/cc961809.aspx
Hope this wil help you with your problem.