How to demote and remove a Domain Controller on Windows Servers

Posted on Temitope Odemo By Temitope Odemo No Comments on How to demote and remove a Domain Controller on Windows Servers
DC-2

In this article, you will learn how to demote and remove a Domain Controller on Windows Servers. According to techdirectarchive a domain controller (DC) is a server computer that responds to authentication requests. It participates in the replication and contains a complete copy of all directory information for its domain. If you want to know how to Promote a Windows server to a Domain Controller then you can read this: Active Directory: How to Setup a Domain Controller.

Sometimes you may no longer need a server to act as the domain controller that is where the demotion of a DC comes into play. In this article, I will be showing you how to decommission a domain controller through the demotion of the DC.

Here is a YouTube video on how to demote and remove a domain controller

Play

Here are some other related articles that might interest you: Active Directory: How to add a second Domain Controller to your environment, how to allow RDP access for non-administrators on a Domain Controller, and how to install and configure Active Directory Domain Services on Windows Server 2022.

How to demote and remove a Domain Controller

1: To do this, please open the Server Manager as shown below.

image-21
Server Manager

2. Click on Manage and from the drop-down select Remove Roles and Features

image-22
Server Manager Dashboard

Please see how to fix Error “Connectivity to a writable domain controller from node could not be determined because of an error: The distinguished name of the node could not be determined“.

Select the Right Server from the Server pool

3. Make your Server selection from the pool of servers if you have more than one server and click next.

image-23
Selecting Specific Server

4. On the Server Roles Page uncheck Active Directory Domain Services and click Next.

image-24
Removing Server Role

Please refer to these interesting guides: How to Query Windows BitLocker status remotely, how to fix the trust relationship between this workstation and the primary domain failed, What are screensavers? Reasons to use or not use them anymore, and how to Capture and Record your Screen in Windows 10 with Xbox Game Bar.

Remove Roles and Features

5. Immediately after you uncheck you will get a popup page to remove features that require Active Directory Domain Services.

If you want to remove the ADDS completely make sure you check to Remove management tools.

image-25
Removing Roles and Features

6. Despite the Validation results you must still click on Demote this domain controller

image-26
Demoting DC

7. On the next page you can decide to change the credentials to use to perform the demotion operation. Please do not check Force the removal of this domain controller if the current server is not the last DC in the domain.

image-27
Credentials

Please see How to add a new Domain Controller to an Existing Domain, and How to remove WDS role via the GUI and PowerShell.

DNS Removal

8. You will always receive a warning message if the current server is used for DNS. You will need to re-assign another server as DNS because the DNS role on the DC will be removed.

9. On the next page check the box Proceed with removal and click next

image-28
Getting the Warning

10. You may decide to check or uncheck Remove DNS delegation and click next. On the next page enter the new administrator password which will be the local administrator account on this server.

Removal-options
image-29
Setting New Administrator

Please refer to this similar guide: How to uninstall Microsoft SQL Server on Windows 10 and Windows Server, “Remove Office license file: How do you change the account that Office says belong to on Mac“, and how to uninstall Microsoft SQL Server on Windows 10 and Windows Server

Demote the Domain Controller

11. On the next page click the Demote button. Immediately the server will be demoted and rebooted and you can log in with the local admin password or the domain credentials if it now belongs to another domain.

Demote-DC

Next, you PC will be restarted automatically.

Restart-Server-to-rmove-DC

Also, see This computer is a domain controller: The snap-in cannot be used on a domain controller, domain accounts are managed by ADUC snap-in.

Step 2: Remove ADDS and DNS Roles

Click on Manage and select “Remove Roles and Features”. Follow the prompt and click next to remove the ADDS features as shown below.

Remove-ADDS-Roles-and-features

Remove the DNS Features

Remove-DNS-roles

Confirm removal of selected roles

Remove-selected-roles

Feature removal succeeded as shown below.

Removal-succeeded

Launch the Remove Roles and Feature wizard again to remove the DNS roles and ADDS role as shown below.

Remove-roles

I hope you found this blog post on how to demote and remove a Domain Controller on Windows Servers Interesting and helpful. In case you have any questions do not hesitate to ask in the comment section.

5/5 - (1 vote)
Windows Server Tags:, , , , , , , ,

Related Posts

More Related Articles

Implementing DHCP Server Comprehensive Guide to Install DHCP Server on Windows Server Windows Server
Hyper V VM creation How to Create a Windows Server VM on HyperV Windows Server
microsoft confirms some pcs freeze after windows 10 2 Information on BOOTP Vendor Extensions and DHCP Options Windows Server
ghfg 1 Handy WSUS Commands: Windows Server Update Services Commands, WAUACLT, PowerShell and USOClient Windows Server
Banner Enabling and Configuring WinRM via GPO Windows
PIN9 1 How to increase Windows PIN complexity Windows

Leave a Reply