- Active Directory Administration Cookbook
- Sander Berkouwer
- 2021-06-24 14:42:13
Getting ready
Before you can demote a domain controller, you should make sure of the following:
- It no longer hosts any FSMO roles.
- It no longer offers networking services, such as DNS, LDAP, RADIUS, or WINS. These protocols are largely manually configured on networking devices and other servers. Demoting a domain controller that offers these services might negatively impact the networking infrastructure. First, reconfigure networking devices and servers to use alternative domain controllers or services.
- It is not an Enterprise Root Certification Authority (CA). When a domain controller is configured as an Enterprise Root CA using Active Directory Certificate Services (AD CS), it cannot be demoted. First, the CA needs to be migrated.
- If it is also configured to be a global catalog server, there are other global catalog servers available when you remove it.
For successful demotions, the domain controller you intend to demote needs to have at least one network interface card attached to the network. Other domain controllers should be reachable.
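
The checklist above can be gathered in one read-only pass. The following script is an added example, not code from the book; it assumes the ActiveDirectory PowerShell module is installed and that it is run on the domain controller you intend to demote. A running AD CS service only indicates that a CA is present, so confirm separately whether it is an Enterprise Root CA.

```powershell
# Added example: read-only pre-demotion checks. Run on the domain controller
# you intend to demote. Requires the ActiveDirectory module.
param([string]$Name = $env:COMPUTERNAME)

Import-Module ActiveDirectory
$dc       = Get-ADDomainController -Identity $Name
$findings = @()

# FSMO roles still hosted on this domain controller
if ($dc.OperationMasterRoles.Count -gt 0) {
    $findings += "Still hosts FSMO roles: $($dc.OperationMasterRoles -join ', ')"
}

# Services other systems may be configured to use (service name = label).
# LDAP is served by every domain controller, so its clients must be
# identified from device and application configuration instead.
$watch = @{ DNS = 'DNS'; IAS = 'RADIUS (NPS)'; WINS = 'WINS'; CertSvc = 'AD CS CA' }
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if ($watch.ContainsKey($svc.Name) -and $svc.State -eq 'Running') {
        $findings += "Service running: $($watch[$svc.Name]) ($($svc.Name))"
    }
}

# Global catalog: other global catalog servers must remain in the forest
if ($dc.IsGlobalCatalog) {
    $otherGCs = @((Get-ADForest).GlobalCatalogs | Where-Object { $_ -ne $dc.HostName })
    if ($otherGCs.Count -eq 0) {
        $findings += 'Is the only global catalog server in the forest'
    }
}

# Other domain controllers should be reachable from this one (LDAP, TCP 389)
$others = @(Get-ADDomainController -Filter * |
    Where-Object { $_.HostName -ne $dc.HostName })
$reachable = @($others | Where-Object {
    (Test-NetConnection -ComputerName $_.HostName -Port 389 `
        -WarningAction SilentlyContinue).TcpTestSucceeded
})
if ($reachable.Count -eq 0) {
    $findings += 'No other domain controller in this domain is reachable on TCP 389'
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "$($dc.HostName): no findings from these checks"
}
```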