Home / server / Questions / 43983
Accepted
MatthewMartin
Asked: 2009-07-23 04:09:20 +0800 CST

Change Windows 2003 domain controller to ordinary server?

  • 772

How do I change a domain controller to a non-domain controller? And more importantly, can it be done safely? Will this ultimately call for a repave of the machine?

I've found the dcpromo command, but wanted to get some feedback before I hose this machine.

Background. Someone set up this server by checking "all features" when installing. This server is a DNS server, Domain Controller, you name it. In practice it is use as a file share and build server.

windows-server-2003 domain-controller

6 Answers

  1. Best Answer

    Removing Active Directory from that server computer, assuming that you have other domain controller computers, is a straightforward process. (If it's the only domain controller in its domain or forest then you need to ask yourself some questions re: whether or not that particular domain or forest needs to exist.)

    In Windows NT 4.0 you had to "repave" machines to change their role. Since Windows 2000 it's been much easier.

    (If you've installed SQL Server 2005 on the machine already there can be some minor issues that will need to be addressed after the demotion. Assuming you have not, proceed.)

    • Start / Run / dcpromo
    • You will be prompted to remove Active Directory. Take default choices throughout the domain controller promotion / demotion process, being sure not to indicate that this is the last domain controller in its domain (unless it really is and you're really sure you want to do that).

    After the machine completes the process and restarts it will be a non-domain controller member server in the domain it was previously acting a as a domain controller within.

    • 7

  2. Use the server roles wizard. It should demote it nicely.

    • 4

  3. I like to run DCDIAG before demoting a DC. If your domain passes all those tests, there shouldn't be any issues running DCPROMO.

    • 3

  4. Make sure that the edition of 2003 is not SBS. If one of the Small Business Server editions finds it is not running as a domain controller it will shut itself down 60 minutes after startup. See http://support.microsoft.com/kb/555087 for a little more detail.

    • 3

  5. DCPROMO is indeed the command you would use here. DCDIAG is useful as mentioned above. You might also want to use NTDSUTIL or the user interface equivalents to make sure you are aware of what FSMO roles this DC holds and then shift those roles to appropriate servers within your network. I'd make sure you get the Domain Naming Master and the infrastructure master off of this box and replicate it to everything else before moving forward.

    • 3

  6. Possible cleanup items; DNS and WINS. Check that the demoted DC pulled all its records (except A and PTR) from DNS; usually not a problem with MS-DNS, however, if it itself is its own DNS server (AD-integrated DNS), you may want to point it to another DNS during the process.

    WINS (if you use it) - clean out the 1C record. Only way I know of is to delete it from all WINS servers, then re-register it on existing DC's.

    • 1