How to Remove (Demote) a Domain Controller


Demoting an active Domain Controller

If you still have access to the domain controller, we can easily remove it using the Server Manager. Make sure that you have checked the points above before you continue.

Time needed: 5 minutes

1.    Open the Server Manager and go to Manage > Remove Roles and Features

– Open the Server Manager (you can find it in the Start menu)
– Click on Manage > Remove Roles and Features

2.    Select the old domain controller

In the Server Selection, make sure that the old domain controller is selected.

3.    Remove the Active Directory Domain Services

Deselect the role Active Directory Domain Services. In the popup, click on Remove Features.

4.    Demote the Domain Controller

You will get an error that the validation failed; this is normal. To remove the features, we first need to demote the domain controller. Click on Demote this domain controller.

5.    Credentials

In the next screen, we can change the credentials. Normally you will perform these steps as domain administrator and don't need to change the credentials.

Make sure that you leave Force the removal of this domain controller unchecked. Only select this when you are deleting the last domain controller in the network.

6.    Proceed with removal

The server is probably also running DNS. We are going to remove this as well. Make sure that you have pointed your clients to the new DNS server.

Select Proceed with removal and click Next.

7.    Remove DNS

In the removal options, other services that can be removed are listed as well. Make sure that Remove DNS delegation is selected and click Next.

8.    Enter New Administrator Password

We will need to enter a new administrator password. This is for the local administrator account on the server after it's removed from the domain.

9.    Review and Demote

Review the settings and click on Demote to remove the domain controller. The server will restart to complete the process.

10.    Remove the server from the Active Directory Sites and Services

After the server is rebooted, we will need to perform one last step: removing the server from the Active Directory Sites and Services.

– Open the Active Directory Sites and Services from the Start menu
– Expand Sites > Default-First-Site-Name > Servers
– Right-click on the old domain controller and choose Delete

Verify the Removal of the Domain Controller

Now that the old domain controller is removed, we need to make sure that everything is running smoothly. On the new domain controller, open the console and run the command dcdiag. This checks the health of your domain controller and shows any errors.
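
The same demotion and verification can be scripted with the ADDSDeployment and ActiveDirectory PowerShell modules. This is an added example, not part of the original article; the function names Invoke-DcDemotion and Test-DcRemoved and the server name DC01 are hypothetical, and the check for another domain controller is an extra precaution not taken from the wizard steps.

```powershell
# Added example (not from the original article). Run elevated.
Import-Module ActiveDirectory

# Run on the OLD domain controller. Mirrors the wizard: no forced removal,
# DNS delegation removed, new local Administrator password set.
function Invoke-DcDemotion {
    Import-Module ADDSDeployment
    $oldDc = $env:COMPUTERNAME

    # Precaution (assumption): a graceful, non-forced demotion needs another DC to replicate to.
    $others = Get-ADDomainController -Filter * | Where-Object { $_.Name -ne $oldDc }
    if (-not $others) { throw "No other domain controller found; do not demote $oldDc." }

    # Password for the local Administrator account once the server leaves the DC role.
    $localPw = Read-Host -AsSecureString -Prompt 'New local Administrator password'

    # Prerequisite check with the same options that will be used for the demotion.
    $check = Test-ADDSDomainControllerUninstallation -RemoveDnsDelegation `
        -LocalAdministratorPassword $localPw
    $check | Format-List Message, Context, RebootRequired, Status
    if ($check | Where-Object { $_.Status -ne 'Success' }) { throw 'Prerequisite check failed.' }

    # Demote; the cmdlet asks for confirmation and restarts the server when done.
    # -ForceRemoval is deliberately NOT used, matching the unchecked box in the wizard.
    Uninstall-ADDSDomainController -RemoveDnsDelegation -LocalAdministratorPassword $localPw
}

# Run on the NEW domain controller after the old one has rebooted.
function Test-DcRemoved {
    param([Parameter(Mandatory)][string]$OldDcName)   # e.g. 'DC01' (placeholder)

    # The old server should no longer be listed as a domain controller.
    $stillDc = Get-ADDomainController -Filter * | Where-Object { $_.Name -eq $OldDcName }
    if ($stillDc) { Write-Warning "$OldDcName is still registered as a domain controller." }

    # Leftover server object under Sites (the object deleted by hand in Sites and Services).
    $cfg = (Get-ADRootDSE).configurationNamingContext
    $leftover = Get-ADObject -SearchBase "CN=Sites,$cfg" `
        -LDAPFilter "(&(objectClass=server)(cn=$OldDcName))"
    if ($leftover) { Write-Warning "Server object still present: $($leftover.DistinguishedName)" }

    # Health check of the remaining DC; /q prints only errors.
    dcdiag /q
    return (-not $stillDc -and -not $leftover)
}
```

After the demoted server is back up, `Uninstall-WindowsFeature AD-Domain-Services` removes the role binaries that the wizard's first screens deselect.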




