Search This Blog

Sunday, November 7, 2021

demote a windows 2016 domain controller

 https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/demoting-domain-controllers-and-domains--level-200-


unless it is the last, do not tick force


Server Manager offers two interfaces to removing the Active Directory Domain Services role:

  • The Manage menu on the main dashboard, using Remove Roles and Features

    Server Manager - Remove Roles and Features

  • Click AD DS or All Servers on the navigation pane. Scroll down to the Roles and Features section. Right-click Active Directory Domain Services in the Roles and Features list and click Remove Role or Feature. This interface skips the Server Selection page.

    Server Manager - All Servers- Remove Roles and Features

The ServerManager cmdlets Uninstall-WindowsFeature and Remove-WindowsFeature will prevent you from removing the AD DS role until you demote the domain controller.

Server Selection

Remove Roles and Features Wizard select destination server

The Server Selection dialog enables you to choose from one of the servers previously added to the pool, as long as it is accessible. The local server running Server Manager is always automatically available.

Server Roles and Features

Remove Roles and Features Wizard - Select roles to remove

Clear the Active Directory Domain Services check box to demote a domain controller; if the server is currently a domain controller, this does not remove the AD DS role and instead switches to a Validation Results dialog with the offer to demote. Otherwise, it removes the binaries like any other role feature.

  • Do not remove any other AD DS-related roles or features - such as DNS, GPMC, or the RSAT tools - if you intend to promote the domain controller again immediately. Removing additional roles and feature increases the time to re-promote, as Server Manager reinstalls these features when you reinstall the role.

  • Remove unneeded AD DS roles and features at your own discretion if you intend to demote the domain controller permanently. This requires clearing the check boxes for those roles and features.

    The full list of AD DS-related roles and features include:

    • Active Directory Module for Windows PowerShell feature
    • AD DS and AD LDS Tools feature
    • Active Directory Administrative Center feature
    • AD DS Snap-ins and Command-line Tools feature
    • DNS Server
    • Group Policy Management Console

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)