Q

14 Why am I getting 'access denied' error when trying to demote a DC

I am having problems demoting a DC (domain controller) using DCPROMO. It runs until it attempts to configure the machine account on another DC in the domain. I get an error with that message saying it failed: "Access is denied." All diagnostics I've run have checked out fine -- there's no DNS issue, the rights assignments check out. I even tried resetting the machine account using NETDOM, which said it was successful. I'm stumped; any ideas?
Make sure all DCs are running the same service pack and have the same set of hotfixes applied. Next, force a domain synchronization. Make sure the system to be demoted can fully communicate with another DC. If these actions don't work, it may be a corruption error either in the local registry or the Active Directory database. If that's the case, you'll need to contact Microsoft tech support for further aid.
This was last published in June 2003

Dig Deeper on Windows Disaster Recovery and Business Continuity

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

I had the same issue and turned out to be "protect object from accidental deletion".
Once I unchecked the box the dcpromo down worked great.
Cancel

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close