Hi guys,
If you ever encounter the problem that you can’t demote a domain controller in your organization and you get the error that you don’t have the correct credentials to demote your DC then check if this option is enabled on your DC-object in the Active Directory “Protect object from accidental deletion”.
If so, then disable this and try the DCPROMO again.
In this case the DCPROMO is unable to modify and delete the object in the Active Directory because of this option.
Good luck.
Greetz,
Jack