Description:
You are using Domain Admins account and wanted to delete a "stale" Domain Controller (DC) from Active Directory Users and Computers console. However you got an access denied error.
Resolution:
Most probably there's a protection against accidental deletion of DC.
- Go to Active Directory Sites and Services
- Expand the Sites folder > expand the site name where the DC you want to delete is > expand the Servers folder > expand the DC you want to delete
- Right click on NTDS Settings
- Click on the Object tab
- Uncheck the “Protect object from accidental deletion” checkbox.
- Click OK.
Now you should be able to delete the Domain Controller from Active Directory Users and Computers console.
