Decommissioning the old Domain Controller
When you connect into your network new Domain Controllers, you may wish to remove the old ones. The reason can vary, you have newer hardware on which DC is running or you just want to remove old Windows 2000/2003 Domain Controllers which were replaced by Windows Server 2008.
To do that you need to have a Domain Admin account. When you are sure that decommissioning DC can be done, you need to do some additional steps before you really remove it from your network.
First of all, you need to check the forest/domain condition if there are no errors. To do that, you need to use dcdiag and repadmin tools. Dcdiag is available on Domain Controller by default but repadmin must be installed from Support Tools from Windows Server CD.
Run command-line and type dcdiag /v to check condition of your domain environment. Review an output and check if everything is ok. If not, you have to fix errors before continuing with Domain Controller decommissioning.
you should also check if Active Directory replication between Domain Controllers occurs regularly. To check that use repadmin tool from Support Tools. You need to install them from Windows Server CD. After installation they are located by default in “C:Program FilesSupport Tools”
enter this syntax and review an output to see if there is no error in AD replication.
repadmin /showrepl /all /verbose
You should also check if DC which will be decommission, do not hold any of FSMO roles. Don’t worry, decommission process will transfer them automatically to another available Domain Controller but it’s better to control this process by yourself. Please ensure also if at least one Global Catalog server is available in your network after decommission process.
Now, when you are sure that you have no errors in your Domain Environment, you can start decommissioning Domain Controller. Log on to that particular server with Domain Admin credentials and in run box type dcpromo (like in DC promotion process)
Active Directory installation wizard will be displayed. Continue this process
you will be warned to ensure that at least one Global Catalog will be left in your environment
on the next screen do not select “This server is the last domain controller in the domain” checkbox. This option is only used when you are demoting the last Domain Controller and you also want to remove the domain. So, go further without any changes on this screen in this case
Set up a server’s password. After decommission it will be a domain member server and you need to specify local administrator’s password.
to permanently remove Active Directory role from this server click “Next”
wait until Active Directory services will be removed from the server and when your DC is decommissioned, you need to reboot it, to complete a process
As you can see, your box is a domain member now.
If you wish to keep this server in your environment it’s good to consider its name change (if it was related with DC – as in my example). When you don’t want to use this server anymore, you can shut it down and then clean up DNS records and Sites and Services.
To do that, open DNS management console and delete all DNS records related with removed Domain Controller. Next, run Active Directory Sites and Services console and from appropriate Site, remove a server.
Confirm that you want to remove this object and that’s it.
Author: Krzysztof Pytko