When demoting a DC I ran into this error:
The operation failed because: Active Directory Domain Services could not configure the computer account <hostname>$ to the remote Active Directory Domain Controller account <fully qualified name of helper DC>. “Access is denied”
I found a possible explanation dealing with missing security rights as described here kb2002413, but it was quickly clear that this was not the case.
It turned out to be a very simple solution, the computer had the protect object from accidental deletion checked, when this was unchecked, I was able to remove the DC.