When demoting a DC I ran into this error:

The operation failed because: Active Directory Domain Services could not configure the computer account <hostname>$ to the remote Active Directory Domain Controller account <fully qualified name of helper DC>. “Access is denied”

I found a possible explanation dealing with missing security rights as described here kb2002413, but it was quickly clear that this was not the case.

It turned out to be a very simple solution, the computer had the protect object from accidental deletion checked, when this was unchecked, I was able to remove the DC.

Table of Contents

Share this post
Search blog posts
Modern Workplace consultant and a Microsoft MVP in Enterprise Mobility.
Modern Workplace consultant and a Microsoft MVP in Windows and Devices for IT.

Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.

Cloud & security specialist with focus on Microsoft backend products and cloud technologies.

Cloud & Security Specialist, with a passion for all things Cybersecurity

Cloud and infrastructure security specialist with background in networking.

Infrastructure architect with focus on design, implementation, migration and consolidation.

Infrastructure consultant with focus on cloud solutions in Office365 and Azure.

follow us in feedly

Follow on SoMe