Remove a Domain Controller from AD

From The Power of Many
Revision as of 08:09, 29 March 2020 by Snowshi (talk | contribs) (Created page with "=== 1. Determine FSMO role === If the DC which you want to demote holds any FSMO role, you need to transfer the FSMO roles to another DC. The 5 FSMO roles are: '''Schema Mas...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

1. Determine FSMO role

If the DC which you want to demote holds any FSMO role, you need to transfer the FSMO roles to another DC.

The 5 FSMO roles are:

Schema Master (forest-wide)

Domain Naming Master (forest-wide)

RID Master (domain-specific)

PDC Emulator (domain-specific)

Infrastructure Master (Domain-specific)


Login as Domain Administrator on one DC

In a command prompt window, type

netdom query fsmo Remove_Domain_Controller_1 The powershell commands

To determine the domain-specific FSMO roles for a domain

Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator

To determine the forest-specific FSMO roles for a Forest

Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster

to view a list of all DCs that have FSMO roles

Get-ADDomainController -Filter * | Select-Object Name, Domain, Forest, OperationMasterRoles | Where-Object {$_.OperationMasterRoles}

Remove_Domain_Controller_2

2. Transfer the FSMO roles to another DC (Optional)

If the DC you want to demote doesn’t hold any FSMO role, you can skip this step.

Login as Domain Administrator on one DC

PowerShell commands


Move-ADDirectoryServerOperationMasterRole -Identity <targetDC> -OperationMasterRole pdcemulator, ridmaster, infrastructuremaster, schemamaster, domainnamingmaster

or

Move-ADDirectoryServerOperationMasterRole -Identity <targetDC> -OperationMasterRole 0,1,2,3,4 Remove_Domain_Controller_3

3.  Dry-run

Test-ADDSDomainControllerUninstallation

Remove_Domain_Controller_4

4. Demote Domain Controller using PowerShell

4.1 demote domain controller

First, open PowerShell with Administrator privileges. Then type the following command and press Enter. You will be prompted to type in the local administrator’s account twice, and then confirm your action by pressing Y or A, depending on your preferences.

Uninstall-ADDSDomainController

Immediately afterward, the demotion of the Domain Controller will proceed and the server will be restarted automatically.

4.2 uninstall the role

Once you log in again by opening Server Manager, you will notice that there is the corresponding notification for you to promote the server to a Domain Controller. Obviously, once the Active Directory Domain Services role is still in place.


To uninstall it, use the following command in PowerShell.

Uninstall-WindowsFeature AD-Domain-Services

That’s it! After restarting, your server is no longer a Domain Controller, but just an Active Directory domain member server.

Retrieved from "https://wiki.snowfrs.com/index.php?title=Remove_a_Domain_Controller_from_AD&oldid=36"