I'm sure that you have an overview of additional DC as well as its promoting process via previous episodes of Administer Active Directory Domain Services Domain Controllers.
In addition to that, you may find the necessary processes of removal/decommission a DC if you face these scenarios:
– you have another machine with a better level of hardware to move on.
– a DC is too old to operate in a domain that requires high DFL/FFL.
– it would be nice to have "smaller" but multiple DCs to improve availability/responsible of the corp network by designate them into Sites, so you "split" this big one.
[00:09] And there is no reason to miss the Cloud party by implementing Azure Active Directory infrastructure, so you have to degrade on-premise Domain Controllers.
[00:16] AD DS Demoting and Role Removing is two procedures of the DC Decommission.
Make sure you know the difference is that with Windows Server 2012, we must utilize Server Manager and dcpromo for WS 2008.
You can find a comprehensive guide about the demoting of Windows Server 2008 here:
rather than WS 2012 that I'm demonstrating.
Follow my YOUTUBE channel to see about AD DS Role removal.
[00:22] With the Server Manager, you can decommission this additional DC in one shot via Remove Roles and Features.
There is a nice step-by-step tutorial on Microsoft TechNet: http://bit.ly/demoting-DC-domain-TN
In a real deployment, you mustn't ignore these best practices:
– Decide if you want to save or delete role data
– Migrate role settings and data to another server
– Schedule downtime for affected services
– Notify users of potential service interruptions
Remote management is a big improvement of Windows Server as well as its Server Manager.
Though you can switch to another DC, master DC SnoOpy-Server, for example, to do this Role removal by select SnoOpy-Server-2 10.0.0.2 WS 2012 Datacenter as a destination.
[00:42] Un-check Active Directory Domain Services to indicate it will be removed.
Its associated management tools can be deleted, too.
[00:48] The Active Directory domain controller needs to be demoted before the AD DS role can be removed. So you will be linked to the Demoting Wizard.
[00:54] In this virtual lab environment, I leave the master DC suspended, so this additional DC can't synchronize metadata/changes properly with it, and this warning appears.
It indicates that the "Force the removal of this domain controller" must be selected = all un-replicated changes on that ADC, such as passwords or new user accounts, are lost forever.
Furthermore, take care of the application partition: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc784421(v=ws.10)
Keep in mind that this DC is holding these services/roles: DNS Server and Global Catalog those are required for AD DS functionality.
You must take care of further interruptions behind this removal.
The New Administrator Password page requires you to provide a password for the built-in local computer\`s Administrator account, once the demotion completes and the computer becomes a domain member server or workgroup computer.
[01:21] Thanks to this Review Options page, you can take a look at what you selected: Remove Active Directory Domain Services from this computer \without updating forest metadata (Force the removal of this domain controller).
[01:25] These settings can be exported to a Windows PowerShell script to automate additional installations.
[01:26] Thinks twice before you do anything on Domain Controllers, there is no such snapshot to revert in real life!
The demoting process is being executed in the background.
After some cleanups, a server reboot, one local admin login, this additional DC is nothing but a standalone server which operates in the WORKGROUP.
[01:52] I strongly recommend that you implement at least one method to back up DCs in general before you do anything like this decommission (Windows Server Backup, Acronis Active Directory Backup " Recovery Solutions, etc.).
[01:55] You should refer the comprehensive guide about "Migrating Domain Controllers From Server 2008 R2 to Server 2012 R2" which includes our demoting process in advanced.
[01:57] If you previously selected Force the removal of this domain controller on the Credentials page, then the Warnings page shows all Flexible Single Master Operations roles hosted by this domain controller. You must seize the roles from another domain controller immediately after demoting this server.
So watch out my next episode about that :3