Forcibly Demote Windows 2012

Brian MacConnell
Before you read further, I inherited this complete cluster of a situation.

I recently took over as the IT Manager for a company. We have about 30 locations, each with a DC (which is also an SQL and application server). Each location has a VPN connection back to headquarters and to our Cloud environment. Long story short, most of the branch DCs have tombstoned. All of these branch servers are physical and most are 2012 with a few 2016. Of course there are no backups of the branch servers.

My original plan was to demote, remove from the domain, rename, rejoin domain and keep as a member server, as we still need the SQL to function.   There are too many physical locations to drive to each to recover or reinstall Windows (There's no iLO, DRAC or OOBM).  I've tried to forcibly demote one 2012 server and have hit issue after issue.

Looking for any suggestions on how to forcibly demote these servers without having to reinstall Windows.  To make the situation even more interesting, the servers in question are pointing to an old FSMO role holder which no longer exists.

This is the immediate plan as all the branch servers are being replaced over the next 2 months. I'm up for any suggestions as long as I can keep SQL running.

Side note: there are solid functioning, replicating, backed up DCs in the environment now.

Error During Demotion:

The operation failed because:
DFS Replication: The target principal name is incorrect.
"The target principal name is incorrect."
Distinguished Expert 2018

Commented:
Yanking AD out from under SQL usually breaks it anyways. DCs don't handle service accounts like member servers do, and co-locating SQL on a DC is usually very bad for this reason (among others).

As you said, you inherited this situation. Sadly though, keeping SQL running is probably not an option in this scenario. That bridge has already been crossed.

I can't think of a good way to get there from here. Might as well bite the bullet and start rebuilding.

Thank you for your responses. The above problem was solved by stopping the KDC service. This allowed for the demotion to complete. I am removing AD from all the servers now.
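The resolution above, written out with a pre-flight check for the SQL concern raised in the thread, as an added PowerShell example that is not part of the original posts. The SQL service-name pattern and the prompt text are assumptions; the cmdlets are the standard ADDSDeployment ones on Windows Server 2012 and later.

```powershell
#Requires -RunAsAdministrator
# Added example: run locally on the tombstoned branch DC.
Import-Module ADDSDeployment

# 0. Abort unless this machine is currently a DC.
#    Win32_ComputerSystem.DomainRole: 2 = standalone server, 3 = member server,
#    4 = backup DC, 5 = primary DC.
$role = (Get-CimInstance Win32_ComputerSystem).DomainRole
if ($role -lt 4) { throw "Not a domain controller (DomainRole=$role); nothing to demote." }

# 1. Pre-flight: record which SQL services log on with non-built-in accounts.
#    A forced removal leaves the server standalone in a workgroup, so a service
#    that logs on with a domain account will not start afterwards until its
#    logon account is changed or the server is rejoined to the domain.
#    The service-name pattern is an assumption covering default and named instances.
$builtin = '^(LocalSystem|NT AUTHORITY\\|NT SERVICE\\)'
$sqlServices = Get-CimInstance Win32_Service |
    Where-Object { $_.Name -match '^(MSSQL|SQLAgent|SQLSERVERAGENT|SQLBrowser)' }
$sqlServices | Select-Object Name, StartName, State | Format-Table -AutoSize

$atRisk = $sqlServices | Where-Object { $_.StartName -notmatch $builtin }
if ($atRisk) {
    Write-Warning ("Fix logon accounts after demotion for: " + ($atRisk.Name -join ', '))
}

# 2. Stop the KDC service, the step reported in the thread as clearing
#    "The target principal name is incorrect" during demotion.
Stop-Service -Name kdc -Force

# 3. Forced demotion. -ForceRemoval does not contact any other DC, so the
#    missing FSMO holder and broken replication do not block it.
#    The server reboots when the cmdlet completes.
$localAdmin = Read-Host -AsSecureString 'New local Administrator password'
Uninstall-ADDSDomainController -ForceRemoval `
    -LocalAdministratorPassword $localAdmin `
    -Force

# 4. After the reboot, confirm the result on the branch server:
#      (Get-CimInstance Win32_ComputerSystem).DomainRole   # expect 2 (standalone)
#    Then rename, rejoin the domain as a member server, and reset the SQL
#    service logon accounts flagged in step 1.
#
# 5. On a healthy DC, remove the stale DC's metadata (ntdsutil "metadata cleanup",
#    or delete its computer object under Domain Controllers in Active Directory
#    Users and Computers). The forced removal never tells the domain the DC is
#    gone, so its NTDS Settings object and DNS records remain until this is done.
```

Until step 5 is completed, the domain still lists the old DC as a valid replication partner and Kerberos target, so treat the cleanup as part of the demotion rather than a later chore.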
