Demoting Secondary controllers

Ingrid Henkel 66 Reputation points Microsoft Employee

A customer is asking about demoting domain controllers. Their secondary domain controllers (Win2012) are powered off. Is demoting domain controllers done from the primary domain controller or is this done from the demoted secondary servers?

The demoted domain controllers need to be powered on - right?

Documents referenced:

Related to GH Issue 4484

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
9,439 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
4,300 questions
0 comments No comments
{count} votes

Accepted answer
  1. Dave Patrick 351K Reputation points MVP

    There's a couple ways to remove a domain controller.

    1- On the domain controller to be removed; remove the active directory domain services from Server Manager Add / Remove roles.

    2- If the domain controller is already powered off or has failed then we need to remove the remnants of old one from active directory.

    Clean up Active Directory Domain Controller server metadata

    Step-By-Step: Manually Removing A Domain Controller Server

    --please don't forget to upvote and Accept as answer if the reply is helpful--

1 additional answer

Sort by: Most helpful
  1. Thameur-BOURBITA 16,586 Reputation points

    Hi Ingrid Henkel

    There two ways to demote a domain controller.

    1. If the domain controller cannot be restarted and replicate with its replication partners , in this case you can use metadata cleanup method and you have to rebuild the server before connect it again to network. Clean up Active Directory Domain Controller server metadata
    2. If the domain controller can be restarted and replicate with other domain controllers in same domain , you should use Powershel or Server Manager interface to demote it as mentioned in the following link: Demoting Domain Controllers and Domains

    Regarding your case , I suggest to restart it and demote it using the method 2.

    Before demoting the domain controller, you should check the active directory health.

    Please don't forget to mark helpful answer as accepted