15.3. Uninstalling Active Directory

Problem

You want to demote a domain controller or completely tear down a domain or forest because you no longer need it.

Solution

Do the following to demote a domain controller to be a member server:

  1. Run the dcpromo command from a command line or Start Run.

  2. Click Next.

  3. If the server is the last domain controller in the domain, check the box beside This server is the last domain controller in the domain.

  4. Click Next.

  5. Type and confirm the password for the local Administrator account.

  6. Click Next twice to begin the demotion.

If you want to completely remove a domain, you have to demote each domain controller in the domain, which is accomplished by running dcpromo on the domain controllers and following the steps outlined above. For the last domain controller in the domain, be sure to select This server is the last domain controller in the domain in the dcpromo wizard so that the objects associated with the domain get removed.

Tip

If the domain you want to remove has subdomains, you must remove the subdomains before proceeding.

After all domain controllers have been demoted and depending on how your environment is configured, you may need to remove WINS and DNS entries that were associated with the domain controllers and domain unless they were automatically removed via WINS deregistration and DDNS during the demotion process. The following commands can help determine if all entries have been removed:

> netsh wins server \\<WINSServerName> show name <NetbiosName> ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.