I need to demote a domain controller. We have three sites and two domains in our forest. This server is a DC in the parent domain.
I want to demote it while causing as little impact as possible. I've gone through the process of moving off any FSMO roles and have run dcdiag and netdiag to test everything is okay. No users should be using this DC as a DNS server.
My main concern when demoting the DC is that some users will be looking to it for logon/authentication and it will take time for DNS to correct this. I can do the work out of hours, but will need an estimate of the time required for everyone (that is, clients, AD S&S and other DCs) to acknowledge that the server is no longer a DC. Site replication is set to 1 hour.