How to Decommission a Domain Controller
Decommissioning a DC requires that all domain services currently residing on the server be moved to other DCs.
- You need to move any FSMO roles from this DC to another DC (KB255960).
  - To learn where the roles reside, run the command netdom query fsmo
  - If the PDCe FSMO role resided on this DC, then you need to reconfigure the new holder of the PDCe to use either the internal hardware clock or an external source. I would recommend using an external source (KB816042).
- There needs to be at least one Global Catalog (GC) in each domain, and it is recommended that there is one in each site (KB313994).
- Move DNS services to other DCs if this DC is a DNS provider. Also point all clients that use this server for DNS to the new DNS server.
  - If AD integrated, simply installing DNS on a member server prior to promotion will bring up a new DNS server.
  - If not AD integrated and this is a primary server, then a new primary server will need to be brought online. From DNS server manager the server needs to be promoted to primary.
  - If a secondary server, then make the new DC a new secondary server.
- If a DHCP server, then the DHCP server's database needs to be backed up and copied to the new DHCP server. The old DHCP server is then deauthorized and the new DHCP server authorized (KB325473).
- If you have Encrypting File System (EFS) enabled, you will need to move the private key if it resides on this DC (KB241201). You use the recovery agent's private key to recover data in situations when the copy of the EFS private key that is located on the local computer is lost.
- If this server manages Terminal Server Licensing (TSL), then it will have to be moved to a new DC. From Add/Remove Programs you will need to add a new TSL. You can then restore the licenses by using the TS License Manager tool with the Telephone activation mechanism. You can switch to the Telephone mechanism by right-clicking on the server in TS License Manager and then selecting Properties from the menu (TS FAQ).
Finally, once this is all accomplished, go ahead and demote the DC to a member server (KB238369).
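
The checklist above can be run as a read-only pre-demotion inventory on the DC being retired. This is an added example, not part of the original article; it assumes the ActiveDirectory and ServerManager PowerShell modules are available (Windows Server 2008 R2 or later) and that the account can read domain controller objects.

```powershell
# Added example: read-only inventory of what still lives on this DC before demotion.
# Assumption: ActiveDirectory and ServerManager modules are installed on this server.
Import-Module ActiveDirectory, ServerManager

$dcName   = $env:COMPUTERNAME
$dc       = Get-ADDomainController -Identity $dcName
$allDcs   = @(Get-ADDomainController -Filter *)
$blockers = @()

# FSMO roles still held here (same information as "netdom query fsmo")
if ($dc.OperationMasterRoles.Count -gt 0) {
    $blockers += "Holds FSMO roles: $($dc.OperationMasterRoles -join ', ')"
    if ($dc.OperationMasterRoles -contains 'PDCEmulator') {
        # The new PDCe holder needs its own time source configured
        $blockers += "PDC emulator time source to reconfigure on the new holder: $(w32tm /query /source)"
    }
}

# Global Catalog coverage once this DC is gone: one per domain, ideally one per site
$otherGcs = @($allDcs | Where-Object { $_.IsGlobalCatalog -and $_.Name -ne $dc.Name })
if ($otherGcs.Count -eq 0) {
    $blockers += 'No other Global Catalog exists in the domain'
} elseif ($dc.IsGlobalCatalog -and -not ($otherGcs | Where-Object { $_.Site -eq $dc.Site })) {
    $blockers += "No other Global Catalog exists in site $($dc.Site)"
}

# Server roles from the checklist that must be moved before demotion
$roles = @{
    'DNS'           = 'DNS server'
    'DHCP'          = 'DHCP server'
    'RDS-Licensing' = 'Terminal Server / Remote Desktop licensing'
}
foreach ($f in Get-WindowsFeature -Name @($roles.Keys) | Where-Object { $_.Installed }) {
    $blockers += "$($roles[$f.Name]) role is installed on this server"
}

if ($blockers) {
    Write-Warning "$dcName is not ready for demotion:"
    $blockers | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Output "$dcName holds none of the checked roles."
}
```

The script does not check EFS recovery agent keys or which clients still point at this server for DNS; those items still need a manual review.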