• Contact
  • Homelab
Dimitris Tonias
  • Management
  • Monitoring
  • Cloud
  • Virtualization
  • Networking
  • Productivity
No Result
View All Result
  • Management
  • Monitoring
  • Cloud
  • Virtualization
  • Networking
  • Productivity
No Result
View All Result
Dimitris Tonias
No Result
View All Result

Demote a Windows Server 2016 Domain Controller

Dimitris Tonias by Dimitris Tonias
January 31, 2018 - Updated on April 21, 2024
in Management
Reading Time: 5 mins read
A A
3
Share on FacebookShare on Twitter

In today’s article, you’ll see how to demote a Windows Server 2016 Domain Controller from a company’s Active Directory infrastructure.

In the following scenario, we assume that the Domain Controller is online, functional and communicates with at least one other DC of the infrastructure. We will also see how the demotion process takes place, both using the Server Manager GUI and PowerShell. Otherwise, if DC is not working then you will need to proceed with a forced removal from Active Directory.

Before you begin the demote process, you will need to determine if the DC holds one of the FSMO roles. If it does, then you will need to transfer the FSMO roles to another DC.

Before you start demoting the Domain Controller

Although not necessary, we will first use the Test-ADDSDomainControllerUninstallation cmdlet to test any dependencies or potential problems that will occur when removing the Domain Controller from Active Directory. Think of it as a simulation without any change being made yet.

The basic syntax of the command for a typical simulation is as follows. It’s good to have a look at the other parameters to try this one that suits your case.

Test-ADDSDomainControllerUninstallation

Test-ADDSDomainControllerUninstallation

You will be asked to enter the local administrator password and after a few seconds, the corresponding success or failure message will be displayed. In the event of a failure, you will have to correct the error, such as transferring the FSMO roles and then proceed to the DC demotion.

Demote a Windows Server 2016 Domain Controller

Demote Domain Controller using Server Manager

Open Server Manager, click Manage and then Remove Roles and Features.

Demote a Windows Server 2016 Domain Controller

In the Before You Begin section, click Next to continue.

Demote a Windows Server 2016 Domain Controller

In the Server Selection section, select DC and click Next to continue.

Demote a Windows Server 2016 Domain Controller

Under Server Roles, uncheck the Active Directory Domain Services role.

Demote a Windows Server 2016 Domain Controller

In the new window, click the Remove Features button.

Demote a Windows Server 2016 Domain Controller

Immediately afterward, a new window will appear informing you that you can not simply remove the role and that you will need to demote DC first. Click Demote this domain controller to start the wizard.

Demote a Windows Server 2016 Domain Controller

In the Credentials section, select a user account (for example, Domain or Enterprise Administrator) that has the right to remove DC, and click Next to continue. If the DC does not communicate with at least one other DC, then only enable the Force the removal of this domain controller option. Also, Force will leave orphaned metadata in Active Directory and you will need to clean them up immediately to avoid problems in the future.

Demote a Windows Server 2016 Domain Controller

In the Warnings subsection, which appears only if you have DNS and Global Catalog server roles installed, select Proceed with removal and click Next to continue.

Demote a Windows Server 2016 Domain Controller

In the New Administrator Password section, enter the new administrator account password and click Next to continue.

Demote a Windows Server 2016 Domain Controller

In the Review Options section, click the Demote button to continue.

Demote a Windows Server 2016 Domain Controller

Then, the demote process of DC will start and your server will automatically restart.

Demote a Windows Server 2016 Domain Controller

Demote a Windows Server 2016 Domain Controller

After rebooting, your old DC now appears to be part of the domain as a member server rather than DC. If you plan to re-promote it to DC in a short period of time then you do not have to do anything else for the time being.

Otherwise, you will need to uninstall the Active Directory Domain Services role as you tried before. Reopen the wizard from Remove Roles and Features.

Demote a Windows Server 2016 Domain Controller

Under Server Roles, uncheck the Active Directory Domain Services role and click Next to continue. As you will see, a message no longer appears as your server is no longer DC.

Demote a Windows Server 2016 Domain Controller

Demote Domain Controller using PowerShell

When you promoted a server to a Domain Controller, you first installed Active Directory Domain Services and then promoted it to Domain Controller. Correspondingly, but in the opposite direction, we will do in case we want to remove a Domain Controller from the Active Directory domain. That is, first we will demote it and then we will uninstall the role.

First, open PowerShell with Administrator privileges. Then type the following command and press Enter. You will be prompted to type in the local administrator’s account twice, and then confirm your action by pressing Y or A, depending on your preferences.

Uninstall-ADDSDomainController

Uninstall-ADDSDomainController

Immediately afterward, the demotion of the Domain Controller will proceed and the server will be restarted automatically.

Once you log in again by opening Server Manager, you will notice that there is the corresponding notification for you to promote the server to a Domain Controller. Obviously, once the Active Directory Domain Services role is still in place.

To uninstall it, use the following command in PowerShell.

Uninstall-WindowsFeature AD-Domain-Services

Uninstall-WindowsFeature AD-Domain-Services

That’s it! After restarting, your server is no longer a Domain Controller, but just an Active Directory domain member server.

Tags: Domain ControllerWindows Server 2016
ShareTweetPin
Previous Post

Deploy Domain Controller using Install From Media (IFM)

Next Post

Forced removal of a Domain Controller from Active Directory

Related Posts

Approve updates in WSUS 2016
Management

Approve updates in WSUS 2016

Configure Group Policy to deploy updates using WSUS 2016
Management

Configure Group Policy to deploy updates using WSUS 2016

Configure computer groups in WSUS 2016
Management

Configure computer groups in WSUS 2016

The initial configuration of WSUS 2016
Management

The initial configuration of WSUS 2016

Install WSUS in Windows Server 2016
Management

Install WSUS in Windows Server 2016

Error opening Report Viewer on WSUS 2016
Management

Error opening Report Viewer on WSUS 2016

Comments 3

  1. Tom Rogers says:
    6 years ago

    Just came across your article here. Never seen the TEST-ADDSDomainControllerUninstall command before. I have a question about the password used for this. Do I enter the Domain Admin PW? Do I enter the Directory Restore Mode PW? Do I enter the PW of the local domain acct I used before this became a DC? Or can I enter ANY PW I like? And if I enter any PW I like, does that actually set this PW to any account in ADDS or local admin on the DC I am testing for demotion? Thx for any help.

    Reply
  2. Mohamed Sayed says:
    6 years ago

    Perfect article!!
    thank you

    Reply
  3. Ben Hastings says:
    6 years ago

    When I use Uninstall-WindowsFeature AD-Domain-Services, I’m getting an error:
    “Uninstall-WindowsFeature : A prerequisite check for the AD-Domain-Services feature failed.”
    Here on Windows Server. version 1709

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

No Result
View All Result
Zabbix server: More than 75% used in the trends cache
Monitoring

Zabbix server: More than 75% used in the trends cache

In Zabbix, "trends" are a type of data storage representing aggregated historical data. Zabbix monitors and collects a vast amount...

Read moreDetails
Check word count on Google Docs

Check word count on Google Docs

Zabbix server: More than 75% used in the configuration cache

Zabbix server: More than 75% used in the configuration cache

Approve updates in WSUS 2016

Approve updates in WSUS 2016

Configure Group Policy to deploy updates using WSUS 2016

Configure Group Policy to deploy updates using WSUS 2016

Configure computer groups in WSUS 2016

Configure computer groups in WSUS 2016

The initial configuration of WSUS 2016

The initial configuration of WSUS 2016

Get more stuff

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

we respect your privacy and take protecting it seriously

  • Contact
  • Homelab

© 2024 Dimitris Tonias

No Result
View All Result
  • About
  • Contact
  • Free Tools
  • Home
  • Homelab

© 2024 Dimitris Tonias

This website uses cookies. By continuing to use this website you are giving consent to cookies being used.