Saturday, October 4, 2014

Domain Controller demotion on Windows Server Technical Preview (vNext)

A previous post, I promoted a server a domain controller. Basically, the steps are same as Windows Server 2012 and Windows Server 2012 R2 to promote a server to the first domain controller. How about demotion steps of Windows Server Technical Preview (vNext)? Basically, it's the same. Anyway, I will demote the last domain controller, DC10, on my lab.
Lab environment
1 and the last domain controller in tls1.lab environment.

Prerequisites
Create a checkpoint for DC10 to perform domain controller demotion by GUI and PowerShell.
Lab
Demote a domain control though GUI.
1. On DC10, log in as Domain Administrator.
2. Launch "Server Manager".
3. On "Server Manager", click "Manage > Remove Roles and Features".
4. On "Before you Begin" window, click "Next".
5. On "Server Selection" window, click "Next".

6. On "Server Roles" window, un-check "Active Directory Domain Services".

7. Then, click "Remove Features".


8. On "Validation Results" window, click "Demote this domain controller".


9. On "Credentials" window, check "Last domain controller in the domain".


Because there is only 1 domain controller in my lab environment, I checked "Last domain controller in the domain" option. If there is more than 1 domain controller in your environment, you don't need to check this option. "Force the removal of this domain controller" is same as "Force removal" option of previous Windows versions.

10. Click "Next".
11. On "Warnings" window, check "Proceed with removal".


12. Click "Next".
13. On "Removal Options" window, check "Remove this DNS zone (this is the last DNS server that hosts the zone)" and "Remove application partitions" options.


"Remove this DNS zone (this is the last DNS server that hosts the zone)" option is applied to the last domain controller. If not, we don't need to check it.

14. Click "Next".
15. On "New Administrator Password" window, enter a new local administrator password for this server.


16. Click "Next".
17. On "Review Options" window, click "Demote".


After demotion, the server will restart automatically.


Then, we can remove "Active Directory Domain Services" though "Server Manager".

Demote a domain control though PowerShell.
1. On DC10, log in as Domain Administrator.
2. Launch "PowerShell" as administrator.
3. Perform "Uninstall-ADDSDomainController -LastDomainControllerInDomain -DemoteOperationMasterRole:$True -RemoveApplicationParitions" to demote the last domain controller.
4. Enter a new local administrator password.


5. Enter "Y" to demote the domain controller.


Then, we can perform "Uninstall-WindowsFeature AD-Domain-Services" to uninstall the Active Directory Domain Services feature on the server.

This posting is provided “AS IS” with no warranties, and confers no rights!

No comments:

Post a Comment