Recipe 3.3 Demoting a Domain Controller

3.3.1 Problem

You want to demote a domain controller from a domain. If you want to decommission a domain controller due to lack of use or change in architecture, you'll need to follow these demotion procedures.

3.3.2 Solution

Using a graphical user interface

  1. Run the dcpromo command from a command line or Start → Run.

  2. Click Next.

  3. If the server is the last domain controller in the domain, check the box beside "This server is the last domain controller in the domain."

  4. Click Next.

  5. Type and confirm the password for the local Administrator account.

  6. Click Next twice to begin the demotion.

3.3.3 Discussion

Before demoting a domain controller, ensure that all of the FSMO roles have been transferred to other servers; otherwise, they will be transferred to random domain controllers that may not be optimal for your installation. Also, if the server is a global catalog, ensure that other global catalog servers exist in the forest that can handle the load.

It is important to demote a server before decommissioning or rebuilding it so that its associated objects in Active Directory are removed, its DNS locator resource records are dynamically removed, and replication with the other domain controllers is not interrupted. If a domain controller does not successfully demote, or if you do not get the chance to demote it because of failed hardware, see Recipe 3.6 for manually removing a domain controller from Active Directory.
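The pre-demotion checks described above can be scripted. The following is an added example, not code from the original recipe: the function name, its parameters, and the example.com hosts are hypothetical, and the sample data is constructed so the logic runs without a live directory.

```powershell
# Added example: pre-demotion checks from the Discussion.
# Test-DemotionReadiness and its parameters are hypothetical names.
function Test-DemotionReadiness {
    param(
        [string]$Target,            # FQDN of the DC to be demoted
        [hashtable]$FsmoHolders,    # role name -> FQDN of current holder
        [string[]]$GlobalCatalogs,  # FQDNs of all GCs in the forest
        [string[]]$DomainDCs        # FQDNs of all DCs in the target's domain
    )
    $findings = @()

    # FSMO roles still on the target would be moved to a DC chosen for you.
    $held = @($FsmoHolders.GetEnumerator() |
              Where-Object { $_.Value -eq $Target } |
              ForEach-Object { $_.Key } | Sort-Object)
    if ($held.Count -gt 0) {
        $findings += "Transfer FSMO roles first: $($held -join ', ')"
    }

    # If the target is a GC, at least one other GC must remain.
    # (This checks existence only, not whether the others can carry the load.)
    if ($GlobalCatalogs -contains $Target) {
        $otherGCs = @($GlobalCatalogs | Where-Object { $_ -ne $Target })
        if ($otherGCs.Count -eq 0) {
            $findings += "Target is the only global catalog in the forest"
        }
    }

    # Tells you whether the "last domain controller" box in step 3 applies.
    $otherDCs = @($DomainDCs | Where-Object { $_ -ne $Target })
    if ($otherDCs.Count -eq 0) {
        $findings += "Target is the last domain controller in its domain"
    }
    $findings
}

# Constructed sample data (example.com names are placeholders).
$fsmo = @{
    SchemaMaster = 'dc1.example.com'; DomainNamingMaster = 'dc1.example.com'
    PDCEmulator  = 'dc2.example.com'; RIDMaster          = 'dc2.example.com'
    InfrastructureMaster = 'dc1.example.com'
}
Test-DemotionReadiness -Target 'dc2.example.com' -FsmoHolders $fsmo `
    -GlobalCatalogs 'dc2.example.com' `
    -DomainDCs 'dc1.example.com', 'dc2.example.com'
```

On systems where the ActiveDirectory PowerShell module is available (an assumption; it postdates the Windows 2000 tools this recipe cites), the live inputs can be read from Get-ADDomain (PDCEmulator, RIDMaster, InfrastructureMaster), Get-ADForest (SchemaMaster, DomainNamingMaster, GlobalCatalogs), and Get-ADDomainController -Filter * (HostName).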

3.3.4 See Also

Recipe 3.6 for removing an unsuccessfully demoted domain controller, Recipe 3.17 for disabling the global catalog, Recipe 3.26 for transferring FSMO roles, MS KB 238369 (HOW TO: Promote and Demote Domain Controllers in Windows 2000), and MS KB 307304 (HOW TO: Remove Active Directory with the Dcpromo Tool in Windows 2000).
