Microsoft Lab 5 – DC Demote

DC Demote

In Lab 5 - Domain Controller (DC) Demotion, participants decommission (demote) a domain controller in an Active Directory environment running on Windows Server 2016. The lab involves tasks such as transferring or seizing operations master roles, confirming that Active Directory data is replicating properly, and initiating the demotion. Participants may also explore DNS cleanup and metadata cleanup, which ensure that the demoted domain controller is fully removed from the Active Directory forest. The lab aims to provide hands-on experience in performing a secure and systematic demotion that preserves the integrity and stability of the Active Directory environment. Completing Microsoft Lab 5 gives participants essential skills in managing the lifecycle of domain controllers, which supports efficient maintenance and restructuring of the Active Directory infrastructure.

Lab:

1. Open Server Manager -> click Manage, and then Remove Roles and Features.

2. Review the Before You Begin page and click Next.


3. On the Select Destination Server page, select the target DC and click Next.

Note: The 2016 Server Manager allows roles and features to be installed and removed remotely.


4. On the Remove Server Roles page, click the Active Directory Domain Services box to clear the check mark, and select Remove Features.


5. In the Remove Roles and Features Wizard dialog box, the Validation Results box will appear. The domain controller must be demoted before continuing. Click Demote this domain controller.


Note: To demote a replica domain controller you must be at the least a Domain Admin. To remove an entire domain from the forest, or to demote the last DC of a forest, you must provide Enterprise Admin credentials.

Note: Only select Force the removal of this domain controller if the DC cannot communicate with the remaining DCs.


6. On the New Administrator Password page, enter and confirm the new local administrator account password, then click Next.


7. On the Review Options page, verify that the information is correct and click Demote.


8. This begins the demotion process. To finish the demotion, the server restarts automatically.


9. If this server is not going to be promoted back to a domain controller in the future, rerun the Remove Roles and Features Wizard to remove the AD DS role from the server.
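
The same procedure can be scripted, which also covers the pre-demotion checks the introduction mentions (operations master roles and replication health). This PowerShell sketch is an added example, not part of the original lab; the server names `DC02` (the DC being demoted) and `DC01` (the DC that remains) are hypothetical placeholders.

```powershell
# Added example. Run in an elevated session on the DC being demoted,
# with the credentials described in the notes under step 5.
Import-Module ActiveDirectory, ADDSDeployment

$Target    = 'DC02'   # hypothetical: the DC to demote (this server)
$Successor = 'DC01'   # hypothetical: a healthy DC that stays in the domain

# 1. Find operations master (FSMO) roles still held by the target.
$domain  = Get-ADDomain
$forest  = Get-ADForest
$holders = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
$held = @($holders.GetEnumerator() |
          Where-Object { $_.Value -like "$Target.*" } |
          ForEach-Object { $_.Key })

# Transfer them before demotion (the cmdlet prompts for confirmation).
if ($held.Count -gt 0) {
    Write-Host "Transferring roles from ${Target}: $($held -join ', ')"
    Move-ADDirectoryServerOperationMasterRole -Identity $Successor -OperationMasterRole $held
}

# 2. Stop if replication involving the target is failing, so that
#    changes held only on this DC are not lost by the demotion.
$failures = @(Get-ADReplicationFailure -Target $Target)
if ($failures.Count -gt 0) {
    $failures | Format-Table Server, Partner, FailureCount, LastError -AutoSize
    throw "Replication failures found for $Target. Resolve them before demoting."
}

# 3. Run the same prerequisite validation the wizard performs (steps 5-7).
$localPw = Read-Host -AsSecureString 'New local Administrator password'
$checks  = @(Test-ADDSDomainControllerUninstallation -LocalAdministratorPassword $localPw)
$checks | Format-List Message, Context, Status
if ($checks | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite check failed. Review the messages above.'
}

# 4. Demote (step 8). -ForceRemoval is deliberately not used: it matches the
#    "Force the removal" option and leaves metadata to clean up by hand.
#    The server restarts automatically when the demotion completes.
Uninstall-ADDSDomainController -LocalAdministratorPassword $localPw

# 5. After the restart (step 9), remove the role binaries if the server
#    will not be promoted again:
#    Uninstall-WindowsFeature AD-Domain-Services -IncludeManagementTools
```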