How to Demote a Domain Controller (Step-by-Step Guide)

Do you need to demote a sphere restrainer ?
Is your knowledge domain restrainer dead and you want to manually remove it ?
No problem .
In this guide, I ’ ll walk through two options to remove a domain accountant. If you still have access to the server then option 1 is the choose choice.

  • Option 1: Demote a Domain Controller Using Server Manager
    • Use this option if you still have access to the server.
  • Option 2: Manually Remove a Domain Controller
    • Use this option if the server is dead or you no longer have access to it.

In both examples, I ’ ll be using Windows Server 2016 waiter but these steps will work for Server 2012 and improving .
Tip #1 Starting with Server 2008 domain control metadata is cleaned up mechanically. Windows Server 2003 server or earlier will require using the ntdsutil dominate to cleanup metadata. With that said you still need to manually remove the server from sites and services .
Tip #2 Make sure there are no other services running on the server ( like DNS or DHCP ) before shutting down the server. If you can avoid this you may save yourself a large headache .
Tip #3 If the knowledge domain accountant you are removing has FSMO roles configured they will get transferred to another DC mechanically . You can check this with the netdom question FSMO command .

Video Tutorial

If you don ’ metric ton like video recording tutorials or want more details, then continue reading the instructions below .

Option 1: Demote a Domain Controller Using Server Manager

This is Microsoft ’ randomness recommended method acting for removing a knowledge domain restrainer .
Step 1. Open Server Manager
demote domain controller 1
Step 2. Select “ Remote Roles and Features ”

Click next on the “ Before you begin page ”
demote domain controller select remove roles
Step 3. On the server survival page, select the waiter you want to demote and click the following button .
In this model, I ’ thousand demoting waiter “ srv-2016 ”
demote domain controller select server
Step 4. Uncheck “ Active Directory Domain Services ” on the Server Roles page .
demote domain controller uncheck adds
When you uncheck you will get a popup to remove features that require active Directory Domain Services .
demote domain controller remove management toolsIf you will plan on using the server to manage Active Directory then keep these installed. In this example, I plan to decommission the server so I will remove these management tools.
Step 5. blue-ribbon Demote this knowledge domain accountant
demote domain controller select demote
On the next screen make sure you DO NOT select “Force the removal of this domain controller”. You should only select this if you are removing the last world control in the sphere .
You can besides change credentials on this screen if needed .
demote domain controller credentials
Click Next
Step 6. On the warnings screen, it will give you a warning this waiter hosts extra roles. If you have client computers using this server for DNS you will need to update them to point to a different server since the DNS character will be removed.

Check the box “ Proceed with removal and snap adjacent
demote domain controller warning page
Step 7. If you have DNS deputation you can select “ Remove DNS deputation and pawl adjacent. In most cases, you will not have DNS delegating and can uncheck this box .
demote domain controller dns delegation
Step 8. now put in the modern administrator password. This will be for the local administrator account on this server .
demote domain controller new password
Step 9. Review options and click “ Demote ”
#Tip – There is a “ view script ” release that generates a PowerShell handwriting to automate all the steps we just walked through. If you have extra sphere controllers to remove you could use this script .
demote domain controller demote button
When you click demote the server will be demoted and rebooted. Once it reboots the server will be a penis server. You can log in with domain credentials to the server .

Additional Cleanup Steps

For some argue, Microsoft decided not to include sites and services in the cleaning march. possibly it ’ second left there in case you want to promote the waiter back to a sphere restrainer. If you are not going to promote the server back to a DC then follow these steps .

  1. Open Active Directory Sites and Services and remove the server

demote domain controller sites and services
You can see above the waiter I precisely demoted is hush listed in sites and services. I ’ ll barely right-click on it and delete it .
That is it for option 1. You can go into the “ Domain Controllers ” booklet and verify the server is removed. It ’ mho besides a good mind to run dcdiag after removing a DC to make sure your environment has no major errors .
You may besides need to review and test echo. You can use the repadmin command to test for rejoinder issues .

Option 2: Manually Remove a Domain Controller

Use this choice if the server is dead, disconnect, or you just can ’ triiodothyronine access it. There is in truth lone 1 step .
Step 1. On another world accountant or computer with RSAT tools candid “ Active Directory Users and Computers ”
Go to the domain Controllers booklet. Right click the world control you want to remove and click delete .
manually remove dc 1
On the adjacent screen select the box “ Delete this Domain Controller anyhow ” and click edit ”
manually remove select delete
If the DC is a ball-shaped catalogue server you will get an extra message to confirm the deletion. I ’ thousand going to click Yes .
That is pretty much it. Easy hu ?
The last step would be to remove the server from Sites and Services merely like I showed you in option 1.

As I mentioned at the crown of this article starting with server 2008 the metadata killing is done mechanically with both options. Most how to guides will tell you to open the control prompt and run the ntdsutil to cleanup the metadata. This is not needing if your waiter manoeuver system is 2008 or above .
It seems easier to just manually remove the DC than going through the server director charming. technically I ’ m not sure what the difference is but Microsoft recommends using the removal charming if you can. Use the manual of arms method acting as a death option .

Summary

In this usher, I showed you two methods for removing a domain restrainer. Microsoft has made this procedure very easily by mechanically cleaning up the metadata starting with server 2008. As networks and systems are constantly changing there may come a time when you need to remove a domain control. I ’ ve provided some Microsoft links below if you would like to read more about this topic .

Sources

  • https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/demoting-domain-controllers-and-domains–level-200-
  • https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup – This article mentions how the metadata is automatically cleaned up using the GUI tools.
  • My 15+ years of Active Directory experience
  • Working with medium and large customer AD environments
  • Testing in my Active Directory Lab.
beginning : https://thefartiste.com
Category : Tech

About admin

I am the owner of the website thefartiste.com, my purpose is to bring all the most useful information to users.

Check Also

articlewriting1

Manage participants in a zoom meeting webinar

Call the people who attend the meet as follows Alternate host host Who scheduled the …

Leave a Reply

Your email address will not be published.