Over a sysadmin’s career, it’s very common to have demoted or decommissioned a domain controller in your domain. With new versions of Windows Server coming out every couple of years, it’s always a good idea to be somewhat up to date. I’m not saying have the latest and greatest every time, all the time; I’m just saying it’s a good idea not to be several versions behind. But what about those up-and-coming sysadmins who might be new to this, or desktop support folks who want to take extra time to build a home lab and practice in their off time? This article goes step by step through how to decommission a domain controller in your environment using best practices.
In Server 2008 R2 it was a little trickier to demote or decommission a domain controller because you had to use DCPromo, but with the addition of Server 2012 R2 it has become a whole lot easier. It is as easy as clicking a few buttons.
If you have any questions please leave a comment below and I’ll do my best to get back to you.
Demote or Decommission A Domain Controller
Follow these steps to decommission a domain controller:
- Transfer any FSMO roles to a DC that’s going to remain online
- Remove Active Directory Domain Services role from DC
- Demote domain controller to a member server
- Clean up references in DNS manager
- Remove server from Sites and Services
- Update static IP addresses that are pointing to the decommissioned domain controller
The process in 2012 R2 and later makes it so much easier to accomplish this task that future generations don’t have to deal with the struggles of sysadmins in the past.
Demote A Domain Controller Using PowerShell
Here are the PowerShell commands you can use to demote a domain controller.
    Import-Module ADDSDeployment
    Uninstall-ADDSDomainController -DemoteOperationMasterRole:$true -DnsDelegationRemovalCredential (Get-Credential) -RemoveDnsDelegation:$true -Force
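The FSMO transfer and the DNS and Sites and Services cleanup from the checklist above can be scripted around the demotion. The following is an added example, not code from the original article; the host names DC-OLD and DC-NEW and both function names are hypothetical, and it assumes the ActiveDirectory and DnsServer modules (RSAT) are installed and that DC-NEW runs DNS with the usual `_msdcs.<forest root>` zone.

```powershell
# Added example: $OldDC / $NewDC are placeholder names, not values from the article.
Import-Module ActiveDirectory, DnsServer
$OldDC = 'DC-OLD'   # DC being decommissioned (assumed)
$NewDC = 'DC-NEW'   # DC that remains online and runs DNS (assumed)

function Get-FsmoRolesHeldBy {
    param([string]$Server)
    $domain = Get-ADDomain
    $forest = Get-ADForest
    $holders = [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
    # Role holders come back as FQDNs; compare on the host label only.
    $holders.GetEnumerator() |
        Where-Object { ($_.Value -split '\.')[0] -eq $Server } |
        ForEach-Object { $_.Key }
}

function Get-StaleDcReference {
    param([string]$Server, [string]$DnsServer)
    # DNS records (host, SRV, NS, CNAME) that still name the old DC.
    $zones = (Get-ADDomain).DNSRoot, "_msdcs.$((Get-ADForest).RootDomain)"
    foreach ($zone in $zones) {
        Get-DnsServerResourceRecord -ZoneName $zone -ComputerName $DnsServer |
            Where-Object {
                $_.HostName -eq $Server -or
                $_.RecordData.DomainName -like "$Server.*" -or
                $_.RecordData.NameServer -like "$Server.*" -or
                $_.RecordData.HostNameAlias -like "$Server.*"
            } |
            Select-Object @{n='Source';e={"DNS:$zone"}}, @{n='Reference';e={"$($_.HostName) ($($_.RecordType))"}}
    }
    # Server object left behind under a site in Sites and Services.
    $config = (Get-ADRootDSE).configurationNamingContext
    Get-ADObject -SearchBase "CN=Sites,$config" -LDAPFilter "(&(objectClass=server)(cn=$Server))" |
        Select-Object @{n='Source';e={'Sites'}}, @{n='Reference';e={$_.DistinguishedName}}
}

# Before demotion: move any roles the old DC still holds.
$roles = @(Get-FsmoRolesHeldBy -Server $OldDC)
if ($roles.Count -gt 0) {
    Move-ADDirectoryServerOperationMasterRole -Identity $NewDC -OperationMasterRole $roles
}
# After demotion: anything listed here still points at the old DC.
Get-StaleDcReference -Server $OldDC -DnsServer $NewDC
```

Run the last line again after the demotion and cleanup; an empty result means no DNS record or site server object still references the old DC.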
Demote a Domain Controller in Active Directory Demo