Are you getting this error message when demoting a domain controller?
“The operation failed because: The Active Directory Domain Services Installation Wizard (DCpromo.exe) would not configure the computer account <2012 DC> on the remote Active Directory Domain Controller <2019 DC>. Verify that the user running dcpromo.exe is granted the “Enable computer and user accounts to be trusted for delegation” user right in the Default Domain Controllers Policy. The error was: Access is denied”
If you didn’t enable the GPO setting for “Enable computer and user accounts to be trusted for delegation”, by all means enable it and then run GPUpdate /force command on the domain controller before demoting the DC.
If the GPO setting is already enabled, AD replication is done, GPUpdate.exe updated the setting on the domain controllers and you see the setting enabled in RSOP.exe results. BUT you still getting the same freaking error again. What do you do now?
In my case, computer account for Domain Controller is enabled with the setting “Protect object from accidental deletion“. I disabled this check box, then demotion went without errors.