Problem solve Get help with specific problems with your technologies, process and projects.

14 Why am I getting 'access denied' error when trying to demote a DC

I am having problems demoting a DC (domain controller) using DCPROMO. It runs until it attempts to configure the machine account on another DC in the domain. I get an error with that message saying it failed: "Access is denied." All diagnostics I've run have checked out fine -- there's no DNS issue, the rights assignments check out. I even tried resetting the machine account using NETDOM, which said it was successful. I'm stumped; any ideas?
Make sure all DCs are running the same service pack and have the same set of hotfixes applied. Next, force a domain synchronization. Make sure the system to be demoted can fully communicate with another DC. If these actions don't work, it may be a corruption error either in the local registry or the Active Directory database. If that's the case, you'll need to contact Microsoft tech support for further aid.

Dig Deeper on Windows Server storage management

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

I had the same issue and turned out to be "protect object from accidental deletion".
Once I unchecked the box the dcpromo down worked great.