Access Denied when demoting windows 2003 dc controller
Posted on 2015-01-25
I have moved my domain over to windows 2012 servers and I am now trying to demote a windows 2003 dc. When I attempt this I get the following
The operation failed because: The Active Directory Domain Services Installation Wizard was unable to convert the computer account <hostname>$ to an Active Directory Domain Controller account. "Access is denied" and it prompts for an enterprise account.
What I have found is that the Enable computer and user accounts to be trusted for delegation policy is the likely cause of the failure, no matter which users I try to demote the server with this policy shows disabled.
I have gone through and verified the correct permissions on the user, this is a top level ent admin account with all need rights.
I have verified the domain controller policy exists and that the OU for domain controllers is linked accordingly. The default domain policy is applying to the user when it logs in. And that policy is set to administrators
I have even tried adding a specific user to the trusted delegation policy, but no matter what I do the user show disabled for this policy