Active directory: Delete a child domain


Windows Server 2019

In the article Active directory: setting up a child domain where I explain how to configure a child domain in an Active Directory environment, I will explain here how to delete a child domain.

As a reminder, when setting up the child domain, a trust relationship was created between the two domains and DNS delegation on the parent domain’s controlling servers.

Before starting the procedure you must:

  • You demote the other domain controllers, the procedure deals with the last controller.
  • Make sure that no more resources do not need objects in the domain (users, workstations, servers …). To merge domains, you can use the ADMT tool.
  • Have an administrator account of the parent domain.

For information, you can apply the tutorial to remove the last domain control from an Active Directory environment.

Demote the last domain controller

1. Open an administrator session of the parent domain on the domain controller to be downgraded.

2. From the server manager, click Manage 1 / Remove Roles and Features 2 .

Server manager

3. When launching the wizard, click Next 1 .

Wizard

4. Select server 1 and click Next 2 .

Wiard for demote AD DS

5. Uncheck the role AD DS 1 and click Next 2 .

Uncheck services AD DS

6. Click Remove Features 1 .

Remove console

7. Click Downgrade Domain Controller 1 to launch the wizard.

Demote

8. Verify that the wizard is started with a parent domain account 1 , check the Last Domain Controller box of domain 2 and click Next 3 .

Wiazrd demote

9. Check the Delete box 1 and click Next 2 .

10. Check the boxes for deleting the DNS zone 1 and click Next 2 .

DNS

11. Enter the local administrator password 1 and click Next 2 .

Password

12. Click on 1 to remove the domain controller and the Active Directory domain.

Demote

13. Wait during the operation … the server restarts automatically.


When the server is restarted, the server is no longer a domain controller and switches to a workgroup.

Verification on the parent domain

From the parent domain, check the following:

Removing Approval from the Active Directory Domains and Trusts Console:

Deleting the delegation in the DNS zone:

Conclusion

The child domain is deleted, all that remains is to delete the AD DS role if you want to reuse the Windows installed on the server.

Resource for using ADMT:




Leave a Comment