I am in the process of retiring a DC from my domain and have run into an issue. when I ran dcpromo, I would get a prompt for AD account credentials, then shortly after, an access denied message. I was able to complete a force removal, but when I attempt to remove the AD object, I get an access denied error. the iser account I am using is a member of the Administrators, Domain admins, and Enterprise admins AD groups. I had verified prior to starting this that protect from accidental deletion boxes were not checked for either the AD object or NTDS. The error I receive is
"Windows cannot delete object Ldap://activeDCname/CN=NTDS Settings,CN=Servername of DC being removed,CN=Servers,CN=SiteName,CN=configuration,DC=domain,DC=local because Access is Denied"