Demoting an active Domain Controller
If you still have access to the domain controller then we can easily remove the domain controller using the Server Manager. Make sure that you have checked the points above before you continue.
Time needed: 5 minutes
1. Open the Server Manager and go to Manage > Remove Roles and Features
– Open the
– Click on > (you can find it in the start menu)
1. Select the old domain controller
In the , make sure that the is selected
2. Remove the Active Directory Domain Services
Deselect the role . In the popup click on
3. Demote the Domain Controller
You will get an error that the validation is failed, this is normal. To remove the features we will need to demote the domain controller. Click on
In the next screen, we can change the credentials, normally you will perform these steps as domain administrator and don’t need to change the credentials.
Make sure that you leave the. Only select this when you are deleting the last domain controller in the network.
5. Proceed with removal
The server is probably also running DNS. We are going to remove this as well. Make sure that you have pointed your clients to the new DNS server.
6. Remove DNS
In the removal options, other services are listed as well that can be removed. Make sure the is selected and click .
7. Enter New Administrator Password
We will need to enter a new administrator password. This is for the local administrator account on the server after it’s removed from the domain.
8. Review and Demote
Review the settings and click on to remove the domain controller. The server will restart to complete the process.
9. Remove the server from the Active Directory Sites and Services
After the server is rebooted we will need to perform one last step, removing the server from the Active Directory Sites and Services.
– Open the
– > >
– on the old domain controller and choose
Verify the Removal of the Domain Controller
Now the old domain controller is removed, we will need to make sure that everything is running smoothly. On the new domain controller, open the console and run the command . This will check the health of your domain controller and will show any errors.