Thursday, September 27, 2012

Domain Controller demotion by PowerShell on Windows Server 2012

I will  demote a domain controller by PowerShell on Windows Server 2012.

Assuming that there is 1 domain controller named DC01 in "contoso.com" domain.

1. On DC01, log in as Domain Administrator.
2. Launch "PowerShell".
3. Perform "Test-ADDSDomainControllerUninstallation -LastDomainControllerInDomain -RemoveApplicationPartitions | ft -Wrap".
4. Provide a new local administrator password.


The status is "Success".

Remark: Before the domain controller is demote, we can perform  "Test-ADDSDomainControllerUninstallation" cmdlet to runsome prerequisites check in your domain environment.  "Test-ADDSDomainControllerUninstallation" is a new cmdlet in Windows Server 2012.

5. Perform "Uninstall-ADDSDomainController -LastDomainControllerInDomain -RemoveApplicationPartitions".
6. Provide a new local administrator password for DC01.


7. Enter "Y" to continue with this operation.


Now, DC01 is demoting the AD DS. When the demotion finished, DC01 will restart automatically.

As a result, DC01 was demoted.

Remark: To force removal a domain controller by PowerShell, perform "Uninstall-ADDSDomainController -ForceRemoval -DemoteOperationsMasterRole".


This posting is provided “AS IS” with no warranties, and confers no rights!