Are you getting this error message when demoting a domain controller?
“The operation failed because: The Active Directory Domain Services Installation Wizard (DCpromo.exe) would not configure the computer account <2012 DC> on the remote Active Directory Domain Controller <2019 DC>. Verify that the user running dcpromo.exe is granted the “Enable computer and user accounts to be trusted for delegation” user right in the Default Domain Controllers Policy. The error was: Access is denied”
If you didn’t enable the GPO setting for “Enable computer and user accounts to be trusted for delegation”, by all means enable it and then run GPUpdate /force command on the domain controller before demoting the DC.
If the GPO setting is already enabled, AD replication is done, GPUpdate.exe updated the setting on the domain controllers and you see the setting enabled in RSOP.exe results. BUT you still getting the same freaking error again. What do you do now?
In my case, computer account for Domain Controller is enabled with the setting “Protect object from accidental deletion“. I disabled this check box, then demotion went without errors.
Anand, the Architect 
Freaking hell. I was loosing my mind, this was my homepage for the past few days:
https://support.microsoft.com/en-us/help/2002413/dcpromo-fails-with-error-access-is-denied-if-the-user-performing-the-p
Thanks mate.
SMTP
Rubber
Ecuador
Thank you! Just spent 7 hours banging my head against the wall. This isn’t mentioned anywhere among Microsoft’s plentiful documentation on all the other scary things that could be wrong with my domain causing this error.
Borders
Computers
MR. THANK YOU
Thank you after all day of trying to figure this out this was the issue!