Demoting Secondary controllers

Question

A customer is asking about demoting domain controllers. Their secondary domain controllers (Win2012) are powered off. Is demoting domain controllers done from the primary domain controller or is this done from the demoted secondary servers?

The demoted domain controllers need to be powered on - right?

Documents referenced:

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers

https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/demoting-domain-controllers-and-domains--level-200-

Related to GH Issue 4484

Answer 1

There's a couple ways to remove a domain controller.

1- On the domain controller to be removed; remove the active directory domain services from Server Manager Add / Remove roles.

2- If the domain controller is already powered off or has failed then we need to remove the remnants of old one from active directory.

Clean up Active Directory Domain Controller server metadata

Step-By-Step: Manually Removing A Domain Controller Server

--please don't forget to upvote and Accept as answer if the reply is helpful--

Answer 2

Hi Ingrid Henkel •

There two ways to demote a domain controller.

1. If the domain controller cannot be restarted and replicate with its replication partners , in this case you can use metadata cleanup method and you have to rebuild the server before connect it again to network. Clean up Active Directory Domain Controller server metadata
2. If the domain controller can be restarted and replicate with other domain controllers in same domain , you should use Powershel or Server Manager interface to demote it as mentioned in the following link: Demoting Domain Controllers and Domains

Regarding your case , I suggest to restart it and demote it using the method 2.

Before demoting the domain controller, you should check the active directory health.

---

Please don't forget to mark helpful answer as accepted

---