The Headache!

DCPromo Demotion Fails “Access is denied”.

While trying to demote an existing Windows Server 2008 R2 Domain Controller. I ran into a massive headache!! After running “dcpromo” and following the first few steps of the demotion it seems to start and run just fine. But then, within a few seconds I was then promoted for credentials with the below “access is denied” message. When I had already unchecked the domain controllers in the OU “Protect object from accidental deletion” I was left scratching my head.

DCPromo Demotion Fails "Access is denied"

The Fix

I spent ages trying to trawl through Google, attempting to find an answer. Eventually I got to the bottom of it. It seems I still had “Protect object from accidental deletion” checked in Active Directory and Sites which is separate to Active Directory Users and Computers.

DCPromo Demotion Fails "Access is denied"

Many of the articles within Google do not actually mention to check the Active Directory and Sites… hence the blog post to hopefully save you the massive headache I had.

Feel free to ask if you get stuck!


Leave a Reply