Step-by-Step: Centrally Demote Additional Domain Controller in Windows Server 2012 using Server Manager

This is the 3rd post in this series, today we will learn how to demote one of the domain controller in our farm using Server Manager.


Setup:

Machine Name	Role	IP Address
WIN-DC	Existing Domain Controller	192.168.1.1
WIN-DC1	Remove this Domain Controller using Server Manager	192.168.1.12
WIN-DC2	Existing Domain Controller	192.168.1.13

Step 1: Demote the domain controller

1. Login in the server WIN-DC using Domain Admin account
2. Open Server Manager
3. Click All Servers and click on the server to be demoted i.e. WIN-DC1
   
   
   
   
   
4. Click Manage–> click Remove Roles and Features
   
   
   
   
   
5. This will bring Remove Roles and Features Wizard–> click Next
   
   
   
   
   
6. In Select destination server, ensure Select a server from the server pool is selected and select WIN-DC1
7. Click Next
   
   
   
   
   
8. Under Remove server roles, uncheck Active Directory Domain Services
9. This will bring Remove features that require Active Directory Domain Servers, click Remove Features
   
   
   
   
   
10. This returns a Validation Results error message
11. Click Demote this domain controller
    
    
    
    
    
12. Click Change… and provide the credentials
13. Click Next
    
    
    
    
    
14. Click Proceed with removal
15. Click Next
    
    
    
    
    
    NOTE: Read the warning message carefully
    
16. Enter the New Administrator password
17. Click Next
    
    
    
    
    
18. Click View script and save the Notepad text as DemoteDC.txt. You will use this script when demoting a domain controller using PowerShell
19. Click Demote
    
    
    
    
    
20. The Results page confirms that the server is now demoted successfully
21. Click Close
    
    
    
    
    
22. The server reboots

Step 2: Remove Active Directory Domain Services and DNS Roles with its required Features 

1. Return back to Server Manager
2. Click Manage–> Remove Roles and Features
3. Click Next
   
   
   
   
   
4. Under Select destination server, ensure Select a server from the server pool
5. Select WIN-DC1
6. Click Next
   
   
   
   
   
7. Under Remove server roles, uncheck Active Directory Domain Services
8. This will bring Remove features that require Active Directory Domain Servers, click Remove Features
   
   NOTE: You can uncheck the Remove management tools if you will be administer another domain controller from this server
   
   
   
   
   
9. Uncheck DNS Server check box
10. This will bring Remove features that require DNS Servers, click Remove Features
    
    
    
    
    
11. Click Next
12. Under Remove features
13. Scroll down to Remote Server Administration Tools–> Role Administration Tools–> AD DS and AD LDS Tools
14. Uncheck Active Directory module for Windows PowerShell
15. Click Next
    
    
    
    
    
16. Review the Confirm removal selections page
17. Check Restart the destination server automatically if required
18. Click Remove
    
    
    
    
    
19. The server reboots

Well done.

Coming up Next.. we will remotely demote a server using PowerShell

Hope this helps,
Vivek Kumbhar

Quote of the day:
An ostentatious man will rather relate a blunder or an absurdity he has committed, than be debarred from talking of his own dear person. - Joseph Addison