Windows Server

Decommission a DC: How to demote and remove a Domain Controller on Windows Servers


According to techdirectarchive a domain controller (DC) is a server computer that responds to authentication requests. It participates in the replication and contains a complete copy of all directory information for its domain. If you want to know how to Promote a Window Server to a Domain Controller then you can read this: Active Directory: How to Setup a Domain Controller. Sometimes you may no longer need a server to act as the domain controller that is where the demotion of a DC comes into play. In this article, I will be showing you how to decommission a domain controller through the demotion of the DC.

Here are some other related articles that might interest you: Active Directory: How to add a second Domain Controller to your environment, Add User to Remote Desktop Users Group in AD: How to allow RDP access for non-administrators on a Domain Controller, Domain Controller: How to install and configure Active Directory Domain Services on Windows Server 2022, Fix Error “Connectivity to a writable domain controller from node could not be determined because of an error: The distinguished name of the node could not be determined“, This computer is a domain controller: The snap-in cannot be used on a domain controller, domain accounts are managed by ADUC snap-in

In this article, I will be using Windows Server 2016. Follow the below steps on how to demote and remove a Domain Controller. 

1: Open the Server Manager as shown below.

Server Manager

2. Click on Manage and from the drop-down select Remove Roles and Features

Server Manager Dashboard

3. Make your Server selection from the pool of servers if you have more than one server and click next.

Selecting Specific Server

4. On the Server Roles Page uncheck Active Directory Domain Services and click Next.

Removing Server Role

5. Immediately after you uncheck you will get a popup page to remove features that require Active Directory Domain Services. If you want to remove the ADDS completely make sure you check to Remove management tools.

Removing Roles and Features

6. Despite the Validation results you must still click on Demote this domain controller

Demoting DC

7. On the next page you can decide to change the credentials to use to perform the demotion operation. Please do not check Force the removal of this domain controller if the current server is not the last DC in the domain.


8. You will always receive a warning mesage if the current server is used for DNS. You will need to re-assign another server as DNS because the DNS role on the DC will be removed.

9. On the next page check the box Proceed with removal and click next

Getting the Warning

10. You may decide to check or uncheck Remove DNS delegation and click next.

On the next page enter the new administrator password which will be the local administrator account on this server.

Setting New Administrator

11. On the next page click the Demote button. Immediately the server will be demoted and rebooted and you can log in with the local admin password or the domain credentials if it now belongs to another domain.

Below is a YouTube video of how to decommission a Domain Controller (DC).

I hope you found this blog post on Decommission a DC: How to demote and remove a Domain Controller Interesting and helpful. In case you have any questions do not hesitate to ask in the comment section.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x