We help IT Professionals succeed at work.

What impact will demoting Domain Controllers have? Is there a way to test?

For some reason there are 6 domain controllers at 1 site. I don't see the need for them and would like to do some clean up tasks.

There are:
4 x 2008 R2 DC's (which one of them is the PDC)
2 x 2003 DC's.

I only want to keep 2 of the 2008 R2 DC's.

Are far as I can see the domain functional level etc is at 2008 R2 level, so just wondering if there would be any other potential impacts by demoting these DC's back to member servers?

It's not causing us chaos or anything, just the odd GP delay. Demoting & promoting is just one of things you only have to do once every few years, so I never remember the important details :)
Comment
Watch Question

IT Manager
Commented:
Hello,
I can recommend to make a review of all servers you would like to demote with the focus on:
- running services - Certification Authority, Radius Server,.....
- AD roles (Global Catalog)
Based on the result I can give you hints on how to demote.
Tomas
Most Valuable Expert 2015
Commented:
What else is running on those DC's? Things like Exchange, SQL, Sharepoint, Terminal Services, Hyper-V, File-services etc shouldn't run on any DC (with the exception of an SBS Server, which has to be the DC).

So you should demote those servers that run those tasks I mentioned. A DC should be dedicated as DC.

One of your remaining DC's must hold at least the necessary AD roles.

Having at least one 2nd DC in an active dir domain is mainly good for backup purposes for the event that the main DC fails.

Otherwise demoting your surplus DC's should be no problem.
How can your domain be using 2008 functional mode when you still have Windows 2003 servers?

Can you post the results of the following commands so we can get a better idea of your environment.

dcdiag /v /e > c:\dcdiag.txt
repadmin /showrepl >c:\repadmin.txt

Also as rindi has stated we need to know what other services are running in your enviroment
Aaron TomoskyDirector, SD-WAN Solutions

Commented:
First off, pretty sure if you have 03 dcs the functional level can't be 08.

Demoting a DC does have the added affect of removing dhcp and DNS so make sure those old 03 dcs are not being referenced. Don't forget to check dhcp helper rules  in your firewall.

Here are my notes to self for upgrading the functional level of the domain. I mostly do 2012r2 but it applies to 08r2 for the most part:

http://blogs.technet.com/b/canitpro/archive/2014/04/02/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
http://community.spiceworks.com/how_to/57636-migrate-active-directory-from-server-2003-to-server-2012-r2
http://networkadminkb.com/KB/a15/transitioning-a-windows-2003-domain-to-windows-2008-r2.aspx

check for frs usage
http://blogs.technet.com/b/askds/archive/2012/01/20/friday-mail-sack-it-s-a-dog-s-life-edition.aspx#sysvol

NetDOM /query FSMO
active directory domains and trusts -> raise forest functional level

check ad rep status
Repadmin /syncall /force /APed
reboot all DCs

migrate from frs to dfs
http://blogs.technet.com/b/filecab/archive/2014/06/25/streamlined-migration-of-frs-to-dfsr-sysvol.aspx

add dfsrdiag to windows 2012r2
http://www.dell.com/support/article/us/en/19/SLN289692/EN

Repadmin /syncall /force /APed
Dfsrdiag.exe pollad
#to run this on all dcs:
Get-ADDomainController -Server domainname.com -Filter * | % { Update-DfsrConfigurationFromAD -ComputerName $_.name -Verbose }