From:
https://lazyadmin.nl/it/demote-domain-controller/#demoting-an-active-domain-controller
Demoting an active Domain Controller
If you still have access to the domain controller, we can easily remove it using the Server Manager. Make sure that you have checked the points above before you continue.
Time needed: 5 minutes
1. Open the Server Manager and go to Manage > Remove Roles and Features
– Open the Server Manager (you can find it in the start menu)
– Click on Manage > Remove Roles and Features
2. Select the old domain controller
In the Server Selection, make sure that the old domain controller is selected.
3. Remove the Active Directory Domain Services
Deselect the role Active Directory Domain Services. In the popup, click on Remove Features.
4. Demote the Domain Controller
You will get an error that the validation has failed; this is normal. To remove the features, we first need to demote the domain controller. Click on Demote this domain controller.
5. Credentials
In the next screen, we can change the credentials. Normally you will perform these steps as domain administrator and don’t need to change the credentials.
Make sure that you leave Force the removal of this domain controller unchecked. Only select this when you are deleting the last domain controller in the network.
6. Proceed with removal
The server is probably also running DNS. We are going to remove this as well. Make sure that you have pointed your clients to the new DNS server.
Select Proceed with removal and click Next.
7. Remove DNS
In the removal options, other services that can be removed are listed as well. Make sure that Remove DNS delegation is selected and click Next.
8. Enter New Administrator Password
We will need to enter a new administrator password. This is for the local administrator account on the server after it’s removed from the domain.
9. Review and Demote
Review the settings and click on Demote to remove the domain controller. The server will restart to complete the process.
10. Remove the server from the Active Directory Sites and Services
After the server has rebooted, we need to perform one last step: removing the server from the Active Directory Sites and Services.
– Open the Active Directory Sites and Services from the start menu
– Expand Sites > Default-First-Site-Name > Servers
– Right-click on the old domain controller and choose Delete
Verify the Removal of the Domain Controller
Now that the old domain controller is removed, we need to make sure that everything is running smoothly. On the new domain controller, open the console and run the command dcdiag. This checks the health of your domain controller and shows any errors.
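The dcdiag check can be combined with a search for leftover references to the demoted server (domain controller list, FSMO roles, Sites and Services, DNS SRV records). The script below is an added example, not part of the original article; it assumes the ActiveDirectory PowerShell module is available on the new domain controller, and OLD-DC01 is a placeholder for the demoted server's host name.

```powershell
# Added example: post-demotion checks. Run on the new domain controller.
# Assumption: 'OLD-DC01' is a placeholder for the demoted server's host name.
Import-Module ActiveDirectory

$OldDc    = 'OLD-DC01'
$domain   = Get-ADDomain
$forest   = Get-ADForest
$findings = @()

# 1. The demoted server must no longer be listed as a domain controller.
$dcs = Get-ADDomainController -Filter *
if ($dcs.Name -contains $OldDc) {
    $findings += "$OldDc is still listed as a domain controller"
}

# 2. No FSMO role may still point at the demoted server.
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
foreach ($role in $roles.GetEnumerator()) {
    if ($role.Value -like "$OldDc.*") {
        $findings += "FSMO role $($role.Key) is still held by $($role.Value)"
    }
}

# 3. The server object should be gone from Active Directory Sites and Services.
$configNc = (Get-ADRootDSE).configurationNamingContext
$leftover = Get-ADObject -SearchBase "CN=Sites,$configNc" -Filter "objectClass -eq 'server' -and name -eq '$OldDc'"
foreach ($obj in $leftover) { $findings += "Leftover site object: $($obj.DistinguishedName)" }

# 4. DNS must not advertise the old server as an LDAP endpoint for the domain.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" -Type SRV -ErrorAction SilentlyContinue
foreach ($rec in $srv | Where-Object { $_.NameTarget -like "$OldDc.*" }) {
    $findings += "Stale SRV record pointing to $($rec.NameTarget)"
}

# 5. dcdiag /q prints only errors, so any non-blank output is a finding.
$dcdiag = dcdiag /q | Where-Object { $_.Trim() }
if ($dcdiag) { $findings += $dcdiag }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "No references to $OldDc found and dcdiag reported no errors." }
```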