DC Decommissioning

This article walks you through the basics of demoting and removing a domain controller from an active domain. We'll start by reviewing the existing domain to ensure all roles and functions are configured correctly. Once confirmed, we'll initiate the demotion process.

Prerequisites

When performing a demotion, the devil's in the details. The demotion itself is quite easy, as it's a single PowerShell command. However, to avoid issues after the demotion has taken place, a number of checks should be performed beforehand.

Perform Health Check

Perform a DC Health Check on the domain controller to verify that it’s fully functional. It’s recommended that any errors be resolved prior to continuing.

Verify FSMO Roles

Ensure all FSMO (Flexible Single Master Operation) roles are located or migrated onto other DCs.

Please see FSMO Roles for information on completing this step.

Verify Global Catalog

Ensure at least one other DC holds a copy of the Global Catalog. Please see Global Catalog for more information on determining which DCs contain a replica of the Global Catalog and how to add additional DCs.

Test Demotion Process

Perform a dry-run and validate that the demotion process will not fail when run.

Test-ADDSDomainControllerUninstallation

Scream Test (Optional)

Lastly, some technicians recommend that, prior to fully demoting and removing the Domain Controller, you first shut down or disconnect the DC for a short period of time. This simulates the removal of the DC so you can see whether any large issues occur.
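
The health, FSMO, Global Catalog and dry-run checks above can be combined into one pre-demotion script. This is an added example, not part of the original article; it assumes the ActiveDirectory and ADDSDeployment modules and dcdiag are available and that it is run from an elevated session on the DC being retired.

```powershell
# Added example: pre-demotion checks for the local domain controller.
Import-Module ActiveDirectory, ADDSDeployment

$thisDc   = Get-ADDomainController -Identity $env:COMPUTERNAME
$problems = @()

# 1. Health check: dcdiag /q prints only error messages,
#    so any output at all is treated as a finding.
$diag = dcdiag /s:$($thisDc.HostName) /q
if ($diag) {
    $problems += "dcdiag reported errors:`n" + ($diag -join "`n")
}

# 2. FSMO roles: this DC must not hold any of the five roles.
if ($thisDc.OperationMasterRoles) {
    $held = $thisDc.OperationMasterRoles -join ', '
    $problems += "FSMO roles still held by $($thisDc.HostName): $held"
}

# 3. Global Catalog: at least one *other* DC must hold a GC replica.
$otherGcs = Get-ADDomainController -Filter * |
    Where-Object { $_.IsGlobalCatalog -and $_.HostName -ne $thisDc.HostName }
if (-not $otherGcs) {
    $problems += 'No other DC holds a copy of the Global Catalog'
}

# 4. Dry run: only attempted once the checks above are clean.
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Error 'Pre-demotion checks failed; resolve the findings before demoting.'
} else {
    Write-Host "Other Global Catalogs: $($otherGcs.HostName -join ', ')"
    Test-ADDSDomainControllerUninstallation
}
```

The script changes nothing in the directory; it only reads state and runs the same dry-run cmdlet shown above.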

Initiate the Demotion Process

When confident that the DC is ready for removal, run the following command to demote the DC.

Uninstall-ADDSDomainController

Uninstall ADDS (Optional)

With the DC now removed from the domain, you can optionally uninstall the ADDS feature from the server.

Uninstall-WindowsFeature AD-Domain-Services