What is impact if remove NPS and DHCP server from domain

Mohd Arif 51 Reputation points

I have a DC which is hosting NPS and DHCP roles. I have to demote this domain controller to migrate it to new OS 2019. So you know after demoting DC, it will be out of domain. So will NPS and DHCP work in work group?

Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
1,025 questions
Windows Server Infrastructure
Windows Server Infrastructure
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Infrastructure: A Microsoft solution area focused on providing organizations with a cloud solution that supports their real-world needs and meets evolving regulatory requirements.
518 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Dave Patrick 426.2K Reputation points MVP

    Simpler / safer solution may be to move these roles to a member server.

    --please don't forget to Accept as answer if the reply is helpful--

    0 comments No comments

  2. Sunny Qi 10,901 Reputation points Microsoft Vendor


    Thanks for posting in Q&A platform.

    NPS server must be joined into a domain to work. When you deploy Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) server, NPS performs authentication, authorization, and accounting for connection requests for the local domain and for domains that trust the local domain.

    You must decide in which domain the NPS is a member. For multiple-domain environments, an NPS can authenticate credentials for user accounts in the domain of which it is a member and for all domains that trust the local domain of the NPS. To allow the NPS to read the dial-in properties of user accounts during the authorization process, you must add the computer account of the NPS to the RAS and NPSs group for each domain.

    DHCP server can work accordingly in Workgroup environment unless there is an authorized DHCP server in the domain already.

    Best Regards,


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments