Decommissioning Secondary Domain Controller

What is the best practice to decommission a secondary dc on Windows 2003 Server with global catalog enabled on both primary and secondary?

Who is Participating?

Improve company productivity with a Business Account.Sign Up

AkhaterConnect With a Mentor Commented:
as long as it is not an exchange server

DCpromo it out
disjoin it from your domain

make sure the clients are not using it as DNS server etc...

that's it
GMorineauConnect With a Mentor Commented:
Check the FMSOs... Be sure that all are in the last DC.

Check the DNS and network services like DHCP, WINS or similar... transfer any service to the other DC. If everything is ok, disable the global catalogue and use the DCPROMO command.

Very easy.
Darius GhassemCommented:
Make sure the clients and other servers are pointing to this server for DNS.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

"Check the FMSOs... Be sure that all are in the last DC."

not needed roles will be transferred automatically when dcpromo out is happening

Akhater, m1itsupport ask for "best pratices".

The system is able to fix some "forgets", but I prefere do my Checklist. I dont like computer thinking alone!!!
@Gmorineau well I don't mind your checklist and I would agree with it if it was more than 2 DCs but with only 2 dcs you don't really have a lot of options to relocate them.

you are right, I dont question that.... but, following Microsoft instructions:

To demote a domain controller
1) On a domain controller, click Start, and then click Run.

2) In Open, type dcpromo to open the Active Directory Installation Wizard, and then click Next.

3) On the Remove Active Directory page, click Next, and then continue to follow the wizard.


Before you complete this procedure, verify that this domain controller is not the only global catalog and that it does not hold an operations master role.


To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

If this domain controller is a global catalog, ensure that another global catalog is available to users before demoting it. For information about configuring domain controllers to host the global catalog, see Related Topics.

If this domain controller currently holds one or more operations master roles, transfer the operations master roles to another domain controller before demoting it. For information about locating operations masters and transferring operations master roles, see Related Topics.

If this domain controller is the last domain controller in the domain, demoting this domain controller will remove this domain from the forest. If this is the last domain in the forest, demoting this domain controller will also delete the forest. For information about removing domains and forests, see Related Topics.

If this domain controller holds the last replica of one or more application directory partitions, you must first remove the last application directory partition replicas from this domain controller before you can demote it. You can use the Active Directory Installation Wizard to remove all application directory partition replicas from this domain controller or you can manually remove them using the Ntdsutil command-line tool. For information about application directory partitions, see Related Topics.

Please also make sure this DC is NOT used by exchange for the RUS service

open Exchange System Manager -> Recipients -> Recipients update service
m1itsupportAuthor Commented:
Thank you all,
i have one more question.
what if the server is the Alternate DNS Server too??
Darius GhassemCommented:
If this server is not being used anymore then you must remove the DNS TCP\IP setting for any client that has this server listed as a DNS server. Then you can just delete the zone from the server and you should be good to go.
well... If your server is a secondary domain controller, it very probable that server is also DNS service running!

Anyway, like dariusq said, be sure that server is not used by any client or mentioned by any service (like DHCP service) to your network. if ok, remove it and sleep well.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.