1 300 737 205

How to Remove a Domain Controller from a Domain

In some instances, you may want to remove a domain controller (DC) from your domain because it is malfunctioning or you want to move it to an alternate server.

Please note that if you remove a DC from a domain, you also remove Active Directory Domain Services (AD DS) from a server. Furthermore, if this is the last DC to be removed from the domain, this eliminates the whole domain environment.

There are three ways you can remove a DC which are covered in this article:

1. Using the Active Directory Domain Services (AD DS) installation wizard
2. Using an answer file
3. Using unattended installation parameters

Prerequisite: You must be a member of the Domain Admins group in the domain to remove a DC.

Remove a DC using the AD DS installation wizard

Launch the AD DS installation wizard by navigating to the Start menu and selecting Run. In the dialog box, type ‘dcpromo’ in the text field.

Click Next on the AD DS installation wizard welcome screen.

The wizard checks whether the DC is a global catalog server. If so, a warning message appears to warn you that this DC is a global catalog server and that you should ensure other global catalog servers are accessible to users of this domain before removing AD DS. If you have another global catalog server or if you are uninstalling the only DC, click OK to continue.

The Delete the Domain page requests that you indicate whether this DC is the last DC in the domain and warns you of the effects of removing the DC if this is the case. Tick the box as shown in the example below if the DC you are removing is the last in the one in the domain. Click Next to continue.

The Application Directory Partitions page lists application directory partitions on the DC. You can either:

A) Remove the application directory partition by clicking Next to continue.

OR

B) Retain the application directory partitions. You need to use the application which created the partition you want to retain to remove it from the list. You then click on the Refresh button to update the list.

On the Confirm Deletion page, ensure that the box is checked if you want to delete all application directory partitions and click Next to continue.

On the Remove DNS Delegation page, check the box if you want to Delete the DNS delegations pointing to this server and click Next. If you do not want to remove the DNS delegations at the present time, you can perform this operation in the parent domain.

Note: You will only receive this prompt if your DC has an Active Directory-integrated DNS zone.

Enter your administrative credentials for the server that hosts this DNS zone: com in the Windows Security dialog box. Then type a password for the new local Administrator account the wizard will create on this server after AD DS is removed and click Next.

On the Summary page, click Export settings to save your settings in an answer file if you want to use it with unattended operations (Please refer to 2. Remove a DC using an answer file). Click Next to continue to remove AD DS from the server.

Completing the Active Directory Domain Services Installation Wizard page states that AD DS has been removed. Click Finish and then select Restart Now for changes to take effect.

Remove a DC using an answer file

Note: if you have already removed a DC from your domain using the Windows Interface and exported the settings to an answer file, you can use the answer file for this particular pathway.
If you do not have an answer file, you can generate one by clicking Start and opening Notepad.
Create the answer file in Notepad using the following syntax.

DCINSTALL
username=administrative_account_in_the_domain
userdomain=domain_name_of_administrative_account
password= password_for_account_in_UserName
administratorpassword=local_administrator_password_for_server
removeapplicationpartitions=yes
removeDNSDelegation=yes
DNSDelegationUserName=DNS_server_administrative_account_for_the_DNS_zone_that_contains_the_DNS_delegation
DNSDelegationPassword=password_for_DNS_server_administrative_account

An answer file example is shown below.

Save the answer file on the installation server from which it is to be called dcpromo, or save the file to a network shared folder or removable media for distribution.

Open Command Prompt as an administrator and type the following command:

dcpromo /unattend:”

Press Enter. The DC has been removed from the Domain.

Remove a DC using unattended installation parameters

Click the Start menu and run CMD as an administrator, type the following command and press enter:

dcpromo /unattend /username: /userdomain: /password: /administratorpassword:

Note:
•domain admin: an account member name of the Domain Admins group.
•Domain: domain name for the domain controller.
•DA password: account password for the member of the Domain Admins group.
•local admin password: the password that will be used for the local administrator account on the server after AD DS is removed.

Please refer to the example below that shows the removal of a DC from CloudBT.com:

dcpromo /unattend /username:DA1 /userdomain: CloudBT.com /password: DA1_password /administratorpassword: p@$$w0rd

Request Your Free Consultation Today

We’ll come to your place of business, and give you a full diagnostic snapshot of your IT systems.