Knowledge Base

WINDOWS SERVER - How to demote a domain controller in Windows Server 2012 and later versions



The purpose of this article is to outline ways of demoting domain controllers in Server 2012 & 2012 R2. For over a decade 'dcpromo.exe' has been the method to demote a domain controller (DC). This is no longer the case.


Demoting a Windows Server 2012 / 2012 R2 domain controller using Server Manager

Steps:

1.) Open Server Manager

2.) Click Manage, and then Remove Roles & Features.

3.) If prompted for 'Select Destination Server', select the target DC.


4.) At 'Remove Server Roles' click Next, and at 'Remove Features' click Next.

5.) Remove the checkbox from the Active Directory Domain Services role.
NOTE: This does not actually remove the role, but signals the wizard to offer the option to demote.

6.) The wizard offers up associated features. Click the Remove Features button.

7.) A Validation Results dialog box will appear with a message stating "The Active Directory domain controller needs to be demoted …". Click the link that says "Demote this domain controller".

8.) Enter new credentials with rights to demote the server or keep the existing credentials.

9.) If the reason for DC demotion is that it has lost contact with the domain, it will be necessary to force its removal and manually remove its artifacts (metadata cleanup - see link below). Select the option 'Force the removal of this domain controller'.

10.) If this DC is the only DC remaining, ensure the 'Last Domain Controller in the Domain' checkbox is marked; otherwise clear the box. Click Next.


11.) Click Next at the Warnings screen.

12.) Set a new local administrator password.

13.) Click Demote.

14.) The server will demote and automatically reboot. The AD DS binaries are still present on the server, but the server is no longer a domain controller.


Demoting a 2012 / 2012 R2 DC using PowerShell (quick and easy method)

1.) Open a PowerShell prompt.

2.) Enter 'Uninstall-ADDSDomainController'.

a.) To force the removal, append '-ForceRemoval' to the command line. ForceRemoval is a switch parameter, so the explicit form is '-ForceRemoval:$true' (with a colon, not a space).

3.) Enter the new local Administrator password when prompted and press Enter.

4.) Confirm the password and press Enter.

5.) At the confirmation prompt, accept the default and press Enter.

6.) The server will demote and automatically reboot. The AD DS binaries will still be present on the server, but the server will no longer be a domain controller.
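The PowerShell procedure above can be wrapped in a prerequisite check so the demotion only starts when the built-in test passes. This is an added example, not part of the original article or Dell's own code; the script parameters $ForceRemoval and $LastDcInDomain are names chosen for this example, and it assumes an elevated session on the DC with the ADDSDeployment and ActiveDirectory modules installed.

```powershell
# Added example (not from the original article). Run elevated on the DC being demoted.
#Requires -Modules ADDSDeployment, ActiveDirectory
param(
    [switch]$ForceRemoval,    # example parameter: DC has lost contact with the domain (step 2a)
    [switch]$LastDcInDomain   # example parameter: mirrors the 'Last Domain Controller in the Domain' checkbox
)

Import-Module ADDSDeployment, ActiveDirectory

# New local Administrator password for the server once it is no longer a DC.
# Read as a SecureString so it never appears in the transcript or command history.
$localAdminPw = Read-Host -AsSecureString -Prompt 'New local Administrator password'

# When the DC can still reach the domain, show what it currently holds so
# FSMO roles and Global Catalog duty can be moved elsewhere before demotion.
if (-not $ForceRemoval) {
    $dc = Get-ADDomainController -Identity $env:COMPUTERNAME
    Write-Host ("Global Catalog: {0}" -f $dc.IsGlobalCatalog)
    Write-Host ("FSMO roles held: {0}" -f (($dc.OperationMasterRoles -join ', '), 'none' -ne '')[0])
}

# The same arguments go to both the test and the real demotion.
$demoteArgs = @{
    LocalAdministratorPassword   = $localAdminPw
    ForceRemoval                 = $ForceRemoval
    LastDomainControllerInDomain = $LastDcInDomain
}

# Dry run: Test-ADDSDomainControllerUninstallation runs the prerequisite checks only.
$results = Test-ADDSDomainControllerUninstallation @demoteArgs
$failed  = $results | Where-Object { $_.Status -ne 'Success' }
if ($failed) {
    $failed | Format-List Status, Message, Context
    throw 'Prerequisite check did not succeed; demotion was not started.'
}

# Real demotion. Without -Force the cmdlet still asks for confirmation,
# and the server reboots automatically when it completes.
Uninstall-ADDSDomainController @demoteArgs

# After a forced removal, the DC's metadata must still be cleaned up from a
# healthy DC (see the metadata cleanup link under ADDITIONAL INFORMATION).
```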


ADDITIONAL INFORMATION:

For more information on metadata cleanup please see
http://social.technet.microsoft.com/wiki/contents/articles/3984.domain-controller-demotion-and-metadata-cleanup.aspx


For more information on DC demotion in Server 2012 and later please see
http://technet.microsoft.com/en-us/library/jj574104.aspx




Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.

Article ID: SLN289686

Last modified: 07/06/2015 05:22 PM

