Fix: Cannot demote server Access is denied

When demoting a server from an existent Active Directory you will be prompted for the credentials with an error saying

The Operation failed because: The attempt at remote directory server to remove directory server was unsuccessful. “Access Denied”.

This issue is due to the fact that the object is set with Protect object against Accidental Deletion

To fix this open Active Directory Sites and Services. Find the server which you are trying to demote and expand it. Right click on NTDS Settings and click on Properties. Click on the Object tab and un-tick the Protect object from Accidental Deletion.

Retry the demotion and it will work. If it doesn’t then check the Active Directory Users and Computers and check if the computer account has the Protect object from Accidental Deletion enabled. Make sure to click on Advanced Features.

Leave a Reply

Your email address will not be published. Required fields are marked *