Reading Time: 3 minutes
Share:
Twitter
LinkedIn
Facebook
Google+
Reddit
Whatsapp
Follow by Email

In other Step by Step posts, I have talked about the steps used to create a new Forest and adding a Domain Controller to an existing Forest using PowerShell and also the steps used to migrate FSMO Roles. So in this step by step guide I am going to go through the steps you will have to take to demote a Windows Server Domain Controller using PowerShell. This can be done via the GUI, but as you may know, I am into PowerShell, so should you. And it’s the quickest solution.

Test Demotion

It’s always good to test this first. By using the following command we can safely demote the Domain Controller as a simulation to check for any errors.

Open PowerShell with elevated credentials
Type the following command.

Test-ADDSDomainControllerUninstallation -DemoteOperationMasterRole -RemoveApplicationpartitions
view raw Demote_DC.ps1 hosted with ❤ by GitHub

If this is the last Domain Controller in the Domain add -LastDomainControllerInDomain to the above command. This is handy for when you are removing a Domain from a Forest.


Enter a password you would like to use for the local administrator account of this server.

Check Status. If it says Success then we can proceed to the demotion. If it says Fail, some troubleshooting will need to happen.

The Demotion

Now our tests have completed successfully, or we have fixed any issues and retested. We can finally demote the Domain Controller.

Open PowerShell with elevated credentials.
Type the following command.

Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationpartitions
view raw Demote_DC.ps1 hosted with ❤ by GitHub

Again, if this is the last Domain Controller in the Domain, add -LastDomainControllerInDomain to the above command.

Enter a password you would like to use for the local administrator account on this server.

Read the warning message and press Y for Yes or A for Yes to All. Note: the server will automatically restart.

You should see a Success message and the server will then restart.

At the login box, you will need to login to the server using the password you typed in earlier.

And that’s it. You have now demoted a Domain Controller.

Explanation of the Command

Test-ADDSDomainControllerUninstallation

This command is to run the uninstallation test. It is like a simulation to check any issues or dependencies while uninstalling.

Uninstall-ADDSDomainControllerUninstallation

This command is to run the uninstallation.

DemoteOperationMasterRole

This command is to demote all the Operations master roles i.e. FSMO (Flexible Single Master Operations role).

RemoveApplicationPartitions

This switch is required to remove application partitions.

LastDomainControllerInDomain

This switch is compulsary if this is the last DC in domain. If you have multiple DCs then this swith is not required.

Any Questions, just comment bellow.

Share:
Twitter
LinkedIn
Facebook
Google+
Reddit
Whatsapp
Follow by Email

Pixel Robots.

I’m Richard Hooper aka Pixel Robots. I started this blog in 2016 for a couple reasons. The first reason was basically just a place for me to store my step by step guides, troubleshooting guides and just plain ideas about being a sysadmin. The second reason was to share what I have learned and found out with other people like me. Hopefully, you can find something useful on the site.

Leave a Reply

Your e-mail address will not be published. Required fields are marked *

*

I agree