A Windows 2012 R2 was promoted as a DC in an existing domain. The domain is running functional level domain/forest of 2003. There are other 2012 R2 machines already promoted and behaving.
After the promotion we can login with domain credentials but we can't run anything as Administrator - like Server Manager. A popup indicates we may not have sufficient rights. If I drill to c:\windows\system32\servermanager.exe and try to RunAs and enter domain credentials I get an access denied.
At this point I'd like to demote it as a DC, but can't open powershell or server manager as administrator.
Any ideas as to how I might troubleshoot this. As a 2nd option is there a way to remotely demote the DC.