3.3. Demoting a Domain Controller

Problem

You want to demote a domain controller from a domain. If you want to decommission a domain controller due to lack of use or change in architecture, you’ll need to follow these demotion procedures.

Solution

Using a graphical user interface

  1. Run the dcpromo command from a command line or Start → Run.

  2. Click Next.

  3. If the server is the last domain controller in the domain, check the box beside “This server is the last domain controller in the domain.”

  4. Click Next.

  5. Type and confirm the password for the local Administrator account.

  6. Click Next twice to begin the demotion.

Discussion

Before demoting a domain controller, ensure that all of the FSMO roles have been transferred to other servers; otherwise, they will be transferred to random domain controllers that may not be optimal for your installation. Also, if the server is a global catalog, ensure that other global catalog servers exist in the forest that can handle the load.
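
The checks described above can be scripted before running dcpromo. The following is an added example, not code from the book: Test-DemotionReadiness is a hypothetical function name, the example.com host names are constructed sample data, and the property names are those returned by Get-ADDomain and Get-ADForest in the ActiveDirectory PowerShell module. It counts the remaining global catalogs but cannot judge whether they can handle the load.

```powershell
# Added example. $Domain and $Forest are objects shaped like the output of
# Get-ADDomain and Get-ADForest; Test-DemotionReadiness is a hypothetical name.
function Test-DemotionReadiness {
    param(
        [Parameter(Mandatory)] [string] $DcFqdn,
        [Parameter(Mandatory)] $Domain,
        [Parameter(Mandatory)] $Forest
    )
    # FSMO role holders: three roles per domain, two per forest.
    $domainRoles = 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'
    $forestRoles = 'SchemaMaster', 'DomainNamingMaster'
    $held  = @($domainRoles | Where-Object { $Domain.$_ -eq $DcFqdn })
    $held += @($forestRoles | Where-Object { $Forest.$_ -eq $DcFqdn })

    # What is left once this server is gone.
    $otherDcs = @($Domain.ReplicaDirectoryServers | Where-Object { $_ -ne $DcFqdn })
    $otherGcs = @($Forest.GlobalCatalogs | Where-Object { $_ -ne $DcFqdn })
    $isGc     = $Forest.GlobalCatalogs -contains $DcFqdn
    $lastDc   = $otherDcs.Count -eq 0

    # Domain-wide roles go away with the domain when the last DC is demoted,
    # so only roles that outlive the demotion need a planned transfer.
    $toTransfer = @($held | Where-Object { -not ($lastDc -and $domainRoles -contains $_) })

    [pscustomobject]@{
        DomainController    = $DcFqdn
        FsmoRolesHeld       = $held
        RolesToTransfer     = $toTransfer
        IsGlobalCatalog     = $isGc
        OtherGlobalCatalogs = $otherGcs
        LastDcInDomain      = $lastDc
        Ready               = (($toTransfer.Count -eq 0) -and (-not $isGc -or $otherGcs.Count -gt 0))
    }
}

# Constructed sample data (example.com names are placeholders, not from the book).
$domain = [pscustomobject]@{
    PDCEmulator = 'dc1.example.com'; RIDMaster = 'dc1.example.com'
    InfrastructureMaster = 'dc2.example.com'
    ReplicaDirectoryServers = @('dc1.example.com', 'dc2.example.com')
}
$forest = [pscustomobject]@{
    SchemaMaster = 'dc2.example.com'; DomainNamingMaster = 'dc2.example.com'
    GlobalCatalogs = @('dc1.example.com')
}
Test-DemotionReadiness -DcFqdn 'dc1.example.com' -Domain $domain -Forest $forest
# Against a live domain (requires the ActiveDirectory module):
# Test-DemotionReadiness -DcFqdn 'dc1.example.com' -Domain (Get-ADDomain) -Forest (Get-ADForest)
```

With the sample data, dc1 still holds two domain-wide roles and is the only global catalog in the forest, so Ready is false until the roles are transferred and another global catalog is enabled.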

It is important to demote a server before decommissioning or rebuilding it so that its associated objects in Active Directory are removed, its DNS locator resource records are dynamically removed, and replication with the other domain controllers is not interrupted. If a domain controller does not successfully demote, or if you do not get the chance to demote it because of failed hardware, see Recipe 3.6 for manually removing a domain controller from Active Directory.

See Also

Recipe 3.6 for removing an unsuccessfully demoted domain controller, ...
