In some instances, you may want to remove a domain controller (DC) from your domain because it is malfunctioning or you want to move it to an alternate server.
Please note that removing a DC from a domain also removes Active Directory Domain Services (AD DS) from that server. Furthermore, if this is the last DC in the domain, removing it eliminates the whole domain environment.
This article covers three ways to remove a DC:
1. Using the Active Directory Domain Services (AD DS) installation wizard
2. Using an answer file
3. Using unattended installation parameters
Prerequisite: You must be a member of the Domain Admins group in the domain to remove a DC.
Remove a DC using the AD DS installation wizard
Launch the AD DS installation wizard by navigating to the Start menu and selecting Run. In the dialog box, type ‘dcpromo’ in the text field.
Click Next on the AD DS installation wizard welcome screen.
The wizard checks whether the DC is a global catalog server. If so, a message warns you that this DC is a global catalog server and that you should ensure other global catalog servers are accessible to users of this domain before removing AD DS. If you have another global catalog server or if you are uninstalling the only DC, click OK to continue.
The Delete the Domain page asks you to indicate whether this DC is the last DC in the domain and warns you of the effects of removing the DC if this is the case. Tick the box if the DC you are removing is the last one in the domain. Click Next to continue.
The Application Directory Partitions page lists application directory partitions on the DC. You can either:
A) Remove the application directory partition by clicking Next to continue.
B) Retain the application directory partitions. You need to use the application which created the partition you want to retain to remove it from the list. You then click on the Refresh button to update the list.
On the Confirm Deletion page, ensure that the box is checked if you want to delete all application directory partitions and click Next to continue.
On the Remove DNS Delegation page, check the box if you want to Delete the DNS delegations pointing to this server and click Next. If you do not want to remove the DNS delegations at the present time, you can perform this operation in the parent domain.
Note: You will only receive this prompt if your DC has an Active Directory-integrated DNS zone.
Enter your administrative credentials for the server that hosts this DNS zone: com in the Windows Security dialog box. Then type a password for the new local Administrator account the wizard will create on this server after AD DS is removed and click Next.
On the Summary page, click Export settings to save your settings in an answer file if you want to use it with unattended operations (Please refer to 2. Remove a DC using an answer file). Click Next to continue to remove AD DS from the server.
The Completing the Active Directory Domain Services Installation Wizard page states that AD DS has been removed. Click Finish and then select Restart Now for the changes to take effect.
Remove a DC using an answer file
Note: if you have already removed a DC from your domain using the Windows Interface and exported the settings to an answer file, you can use the answer file for this particular pathway.
If you do not have an answer file, you can generate one by clicking Start and opening Notepad.
Create the answer file in Notepad using the following syntax.
An answer file example is shown below.
Save the answer file on the installation server from which it is to be called by dcpromo, or save the file to a network shared folder or removable media for distribution.
Open Command Prompt as an administrator and type the following command:
Press Enter. The DC has been removed from the Domain.
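An answer file for the removal described in this section might look like the following. This is an added example, not the article's original file: the account DA1 and the domain CloudBT.com are taken from the article's later example, the file name C:\demote.txt and the reuse of DA1 for the DNS delegation are assumptions, and the passwords are left as prompts or a placeholder rather than real values.

```ini
; Constructed example answer file for removing AD DS from an additional DC.
; DA1 and CloudBT.com come from this article's example; C:\demote.txt is an assumed path.
; Run from an elevated Command Prompt:  dcpromo /unattend:C:\demote.txt

[DCINSTALL]
; Domain Admins account used to perform the removal
UserName=DA1
UserDomain=CloudBT.com
; "*" makes dcpromo prompt for the password at run time, so it is not stored in the file
Password=*

; Password for the local Administrator account that exists after AD DS is removed.
; Placeholder: substitute a real value and restrict access to the file while it holds one.
AdministratorPassword=<local admin password>

; No = other DCs remain. Yes deletes the domain, as the Delete the Domain page warns.
IsLastDCInDomain=No

; These mirror the Application Directory Partitions and Remove DNS Delegation pages
RemoveApplicationPartitions=Yes
RemoveDNSDelegation=Yes

; Credentials for the parent DNS zone (assumed here to be the same account);
; "*" prompts instead of storing the password
DNSDelegationUserName=DA1
DNSDelegationPassword=*

; Restart the server automatically when the removal finishes
RebootOnCompletion=Yes
```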
Remove a DC using unattended installation parameters
Click the Start menu and run CMD as an administrator, type the following command and press Enter:
dcpromo /unattend /username:<domain admin> /userdomain:<Domain> /password:<DA password> /administratorpassword:<local admin password>
• domain admin: the name of an account that is a member of the Domain Admins group.
• Domain: the domain name for the domain controller.
• DA password: the account password for the member of the Domain Admins group.
• local admin password: the password that will be used for the local administrator account on the server after AD DS is removed.
Please refer to the example below that shows the removal of a DC from CloudBT.com:
dcpromo /unattend /username:DA1 /userdomain:CloudBT.com /password:DA1_password /administratorpassword:p@$$w0rd