Today, I was trying to remove an old windows 2003 R2 DC server in our domain, when I run DCPROMO command to demote it, I received the following error message:

The operation failed because: The attempt at remote domain controller DC2016 to remove domain controller CN=DC1,CN=Servers,CN=Default-First-Name,CN=Sites….from the forest was unsuccessful. “Access is Denied”

It you ran into the same issues with me, don’t panic, you can try to follow steps to fix your issues.

  1. Login to Domain Controller server and open Active Directory Sites and Services.

2. Right-click the Domain Controller (which you would like to demote it) and select Properties.

3. Select Object and uncheck Protected object from accidental Deletion and then Click OK.

4. Click Retry.

Now, it should fix the issues and demote the old Domain Controller server successfully.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun