Decommissioning Windows Server 2012 Domain Controller
As you know, Windows Server 2012 is completely new operating system. These days, the main point from domain administrator point of view is to install and promote server as Domain Controller based on that system. That’s fine and this is obvious reason 🙂 but what if, in some case, we would like to decommission it? How we can do that?
The first thing you can think of is dcpromo command. Generally, that’s true but remember, in Windows Server 2012 dcpromo cannot be used to promote/demote Domain Controller over regular way. Oh, what a big shame :/ what can I do to decommission Windows Server 2012 Domain Controller ?
The answer is simple…
… just use the new Windows Server Manager version. Thanks to that tool, you are able to decommission DC in few simple steps. Just take a look at below steps to fulfill the requirement
Log on to Domain Controller based on Windows Server 2012 and run Server Manager or wait until it will show up (if you did not change its default startup mode). Then you need to decide if you wish to decommission currently logged on DC or any other (remote DC). In case that you want to decommission remote Domain Controller just select “All servers” node in Server Manager and choose DC from the list of available servers
if not, just stay in “Local Server” node. Now, it is time to start decommissioning Domain Controller. To do that, you need to “Manage” and select “Remove Roles and Features” option
When you run that option, you will see a window with all installed roles on a server but before that you would be able to change the server to demote (if you decided to choose another one in the meantime)
To start decommissioning DC, just unselect “Active Directory Domain Services” role and confirm uninstallation for all related features
When you confirm that, you will be informed that this option is not possible until current server is Domain Controller. In a window you would see a link to start server decommission process. Click on it and you will see a wizard responsible for DC removal
Now, you are in the first step known from dcpromo. This wizard is similar to the previous one but you can find there some new options. One of them is force DC removal which previously was available only when you ran “dcpromo /forceremoval” switch. This is also possible in Windows Server 2012 to use dcpromo with /forceremoval switch to forcefully decommission DC. But hey, this is new OS, let’s start using the new way for that 🙂
As you can see in that window, there is new feature for forceful AD:DS role removal. You can do that from GUI now, you don’t need to run dcpromo with separate switch for that.
Important! Do not select option “Last domain controller in the domain” unless it is really decommission for the last DC. You would corrupt your AD environment.
When you are demoting DC, you need to be logged on with appropriate privileges. In case that you do not use an account which allows DC decommission, you may specify it during that process. Click on “Change” button and provide appropriate account.
Now, you are ready to start removing AD: DS role but you cannot do that without selecting “Proceed with removal” checkbox. This feature prevents from accidental Domain Controller decommission. To start process, select mentioned checkbox and press “Next” button.
When you are decommissioning DC which is not the last one, just press “Next”, do not select any zones or application partitions to remove.
At this step, you need to configure a password for local administrator account which was unavailable on a server as it was Domain Controller where local accounts do not exist
Now, you are ready to start! Just press “Demote” button and wait for server reboot. After restart, your server would be a domain member server
Author: Krzysztof Pytko