How to demote a Domain Controller

So you might have a system hardcoded to talk with that domain controller. Now you need to find which servers are talking to the domain controller.

  1. Disable dynamic DNS
  2. So now clean up the DNS of that domain controller so no more clients will talk to the server by DNS queries.
  3. Wait a couple of days.
  4. Then use Network monitor to check if any and which clients are still talking to the server.
  5. For DNS you can use my script from the blog post about DNS logging.
  6. Continue to remove systems that are still using the Domain Controller.
  7. When you give up or is done. You can now remove the domain controller.
  8. Depending on which Windows version you have you have the option of dcpromo or the Server Manager.

How to Prevent Domain Controllers from Dynamically Registering DNS Names

Update: Since I wrote this Pierre Audonnet has written about this too given the following suggestions.

Leave a Reply