Remove an Active Directory Domain Controller


Windows Server 2019

In this article, we will see how to remove a domain controller in an Active Directory environment.

The deletion is done in two steps:

  • Demote the domain controller: remove the controller configuration.
  • Delete roles.

Before demoting the server, make sure that it does not hold an FSMO role and that you always have at least 2 active Active Directory domain controllers.

If you want to destroy the Active Directory domain, disregard the above recommendations.
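The two preconditions above (no FSMO role on the server, at least 2 active controllers) can be checked from PowerShell before starting the wizard. This is an added example, not part of the original article; it assumes the ActiveDirectory module (RSAT) is installed, reads "at least 2 active controllers" as two reachable controllers remaining after the demotion, and uses a placeholder host name in `$Target`.

```powershell
# Pre-demotion check (added example). Run with a domain account that can read AD.
Import-Module ActiveDirectory

# Placeholder: FQDN of the controller to be demoted (not a name from the article)
$Target = 'dc-to-remove.example.local'

$domain = Get-ADDomain
$forest = Get-ADForest

# The five FSMO roles and the controller currently holding each one
$fsmo = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}

# Roles still held by the target (-eq compares strings case-insensitively)
$held = @($fsmo.GetEnumerator() | Where-Object { $_.Value -eq $Target })

# Controllers of this domain that would remain after the demotion
$remaining = @(Get-ADDomainController -Filter * |
    Where-Object { $_.HostName -ne $Target })

# A controller listed in AD may be offline: keep only those answering on LDAP (TCP 389)
$reachable = @($remaining | Where-Object {
    Test-NetConnection -ComputerName $_.HostName -Port 389 `
        -InformationLevel Quiet -WarningAction SilentlyContinue
})

$ok = $true
if ($held.Count -gt 0) {
    Write-Warning "$Target still holds: $($held.Key -join ', '). Transfer these roles first."
    $ok = $false
}
if ($reachable.Count -lt 2) {
    Write-Warning "Only $($reachable.Count) other controller(s) reachable; at least 2 are recommended."
    $ok = $false
}
if ($ok) {
    Write-Output "No FSMO role on $Target and $($reachable.Count) other controllers reachable."
}
```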

Demote the domain controller

1. In Server Manager, click Manage and then Delete Roles and Features.

Server Manager

2. When the wizard launches, click the Next button.

Wizard

3. Select the server and click Next.

Select server

4. Uncheck the AD DS Service box.

Uncheck AD DS

5. Click Remove Features.

Remove MMC

6. An error message is displayed, informing us that the controller must first be demoted. Click “Downgrade the domain controller” to launch the new wizard.

Launch the wizard to demote the server

7. The wizard to demote the controller is displayed; different options appear depending on the environment. Click Next.

It is possible to force the removal of the domain controller. This option ignores the alerts, and it will then be necessary to manually delete any traces of the controller in Active Directory.

Before 2012, when launching the dcpromo tool to remove a controller, you could check a box to indicate that the current controller was the last one in the domain and that removing it would destroy the domain. With this wizard, this box is displayed when the tool detects that the controller is actually the last one.

8. Check the Delete box and click Next.

Confirm delete

9. Enter the password for the local Administrator account and click Next.

Password

10. Validate the actions to be done then click on .

Demote

11. Wait while the controller is demoted. When the operation is complete, the server restarts automatically.

12. Connect to the server. It is no longer a domain controller; a notification in Server Manager offers to promote the server because the AD DS role is installed.

Server manager

13. On one of the controllers still in service, use the Active Directory Users and Computers console to verify that the computer object has been moved to the OU Computers.

OU computers

Now that the server is demoted, we will see how to uninstall the roles.

Uninstall AD DS Roles

1. Restart the uninstall wizard. In Server Roles, uncheck the AD DS and DNS Server roles and click Next.

Uncheck DNS and AD DS

2. If necessary, uninstall features, then click Next.

3. Confirm the deletion of roles by clicking Delete.

Confirm

4. Wait while uninstalling …

wait

5. When the uninstall is complete, exit the wizard by clicking Close and restart the server.

uninstall completed

The domain controller features are now removed. In practice, this last step is rarely performed: once the server is demoted, the virtual machine is deleted and the computer object is removed from Active Directory.



