SOLVED: How To Properly Demote A Domain Controller

Follow this procedure to demote a Domain Controller:

1. Click START
2. Click on SERVER MANAGER
3. Click MANAGE (top right corner)
4. Click REMOVE ROLES AND FEATURES
5. Click NEXT through the first two screens
6. Uncheck ACTIVE DIRECTORY DOMAIN SERVICES
7. Click REMOVE FEATURES button
8. Click DEMOTE THIS DOMAIN CONTROLLER

At this point there are a number of prompts that are mostly obvious, including setting the password for the LOCAL user account. Remember that DC’s do not have a local account so you need to set one.

SHOULD I FORCE THE REMOVAL OF THIS DOMAIN CONTROLLER?

You will also see a screen with a checkbox for FORCE THE REMOVAL OF THIS DOMAIN CONTROLLER and you should ONLY check that if this is the last DC in the Forest (i.e. you are killing everything) or if this DC cannot talk to other Domain Controllers for some reason (i.e. physically in a different office with no connectivity).

If you do check FORCE THE REMOVAL OF THIS DOMAIN CONTROLLER you will need to follow THIS simple clean up procedure on one of the DC’s that still lives on the domain. Otherwise, the other DC’s will think that machine you demoted is still a DC and that will cause you problems.