Demoting Domain Controller

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email
Table of Contents

introduction

As you know  , we have learned in previous  article how to Promote Additional Controller ,

SO .. Active Directory Pioneers.lab has two domain controller: DC101 ,DC102 ,

and also we learned how to transfer and seize FSMO

In this article, you’ll discuss how to demote a Windows Server 2016 Domain Controller DC102 from a  Pioneers  Active Directory  infrastructure.

demoting domain controller meaning to remove active directory service from server and back it ot normal server [ previously was called downgrade DC ] 

OUR Scenario 

In the following scenario, we assume that the Domain Controller DC102 is online, functional and communicates with DC101   . We will also see how the demotion process takes place, both using the Server Manager GUI and PowerShell. Otherwise

For Better View > Open Image in different TAB

Before Demoting

Before demoting : of course we have to transfer ALL FSMO to DC101.pioneers.lab

Also its recommended to use command

Test-ADDSDomainControllerUninstallation

to check if DC is uninstallable

check FSMO holder
check if DC102 is able to be demoted

Try to remove ADDS Feature

 first we will try to remove ADDS feature

open ServerManager.exe select remove role
select server
un select ADCS and DNS
accept to remove some it's requirements
warning
we will get error message since we have to demote domin controllrt before remove feature

Demote Domain Controller DC102

So…. remove ADDS Feature Failed because we have to demote DC102 First 

 
select demote DC
provide credential
accept to remove GC + DNS
set new local administrator password since server will be downgraded to normal server
select demote to start process
DONE : server demoted [downgraded ] to normal server

Remove ADDS Feature

Now we can remove ADDS Feature after demote 

 
open server manager
select remove role
For Better View > Open Image in different TAB
select this server
uncheck ADDS first
accept to remove its requirements
next
review and select remove
accept to restart sever after remove role
remove ADDS succeeded

Remove DNS server

After successfully remove ADDS And demote DC as normal server 

it’s important to remove DNS also 

and configure domain computers to use ONLY DNS server 172.16.100.10 either manually or by DHCP if applied 

 

open server manager remove DNS also

remove server from console Site & services

if server DC102 has NOT been remove from console [site and services ] then we have to do that manually 

 
open cosnole AD site and service and delete serve DC102

verify demote DC and remove ADDS & DNS

 like any process in pioneers LAB , we have to verify our process DONE successfully 

ntdis has been removed
DC102 removed from domain controller in ADUC
DC102 become memberof normal computers container
Share this post
Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

About Me

Our Power in Numbers

 17 

Courses

321

Articles

3,882

Images
and All configurations images are proudly made in Pioneers Lab

Articles By Course

Recent Articles

Subscribe

Contact us

have a challenge ? don’t hesitate to contact us