How to demote a domain controller in Windows Server 2012 and later

How to be in Windows Server 2012 And later versions demote domain controllers

If you don't downgrade, reload the system , There will be problems , Therefore, before reloading the DCS, the system must be degraded first .

Using server manager will Windows Server 2012 / 2012 R2 Domain controller demotion

Operation steps

Graphical operation （ Don't suggest ）

1. Open the server manager
2. Click Manage ️ Delete roles and features
   
3. If the system prompts you “ Select the target server ”, Please select the target DC.
   
4. stay “ Remove server role ” It's about , Click next , And in “ Delete function ” It's about , Click next .
5. Deselect Active Directory Check box for domain services role .
6. The wizard provides related functions . Click the delete function button

• The validation results dialog box appears , It shows a message , Express “The Active Directory domain controller needs to be demoted …”（ Need to put Active Directory Domain controller demotion ...）. Click Show “Demote this domain controller”（ Demote this domain controller ） Link to .
• Enter new credentials that have the right to demote the server , Or keep your existing credentials .
• If DC The reason for the demotion is the loss of contact with the domain , Then you need to force it to be deleted , And manually delete its items （ Metadata cleanup - Please refer to the link below ）. choice “ Force deletion of this domain controller ” Options .
• If so DC It's the only remaining DC, Please make sure to check “ The last domain controller in the domain ” Check box ; otherwise , Please clear the check box . single click
  “Next（ next step ）”.
• On the warning screen, click next .
• Set a new local administrator password .
• Click demote .
• The server will be degraded and automatically restarted .AD DS Binaries still exist on the server , But the server is no longer a domain controller .

Command line operations

It's a little simpler than Visualization , This method is recommended .

1. open Powershell Prompt

2. Input “uninstall-addsdomaincontroller”

To force the deletion of , Please put -forceremoval $true Add to command line

3. Enter the new local administrator password when prompted , Then press Enter key .

4. Confirm the password , Then press Enter key .

5. Accept the default value , Then press Enter key .

6. The server will be degraded and automatically restarted .AD DS The binary will still exist on the server , But the server has been degraded .

Reference link

Link one