So you want to get rid of a domain controller, but don’t want incidents with systems configured directly to that controller?

First of start with disabling the dynamic registration of the Domain Controller in DNS. The easy way of doing that is by setting the registry value of UseDynamicDns to 0.

reg add HKLM\System\CurrentControlSet\Services\Netlogon\Parameters /v UseDynamicDns /t REG_DWORD /d 0
net stop netlogon
net start netlogon

So now the Domain Controller wont register it self in the DNS again. So now lets start to remove entries from the DNS. There exist a list in the %WINDIR%\System32\config\netlogon.dns, Below is an example of that list.

example.tld 600 IN A 192.168.0.11
_ldap._tcp.example.tld 600 IN SRV 0 100 389 oldDC01.example.tld
_ldap._tcp.Default-First-Site-Name._sites.example.tld 600 IN SRV 0 100 389 oldDC01.example.tld
_ldap._tcp.gc._msdcs.example.tld 600 IN SRV 0 100 3268 oldDC01.example.tld
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.example.tld 600 IN SRV 0 100 3268 oldDC01.example.tld
_ldap._tcp.<Domain GUID>.domains._msdcs.example.tld 600 IN SRV 0 100 389 oldDC01.example.tld
gc._msdcs.example.tld 600 IN A 192.168.0.11
<DomainController GUID>._msdcs.example.tld 600 IN CNAME oldDC01.example.tld
_ldap._tcp.dc._msdcs.example.tld 600 IN SRV 0 100 389 oldDC01.example.tld
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.example.tld 600 IN SRV 0 100 389 oldDC01.example.tld
_gc._tcp.example.tld 600 IN SRV 0 100 3268 oldDC01.example.tld
_gc._tcp.Default-First-Site-Name._sites.example.tld 600 IN SRV 0 100 3268 oldDC01.example.tld
DomainDnsZones.example.tld 600 IN A 192.168.0.11
_ldap._tcp.DomainDnsZones.example.tld 600 IN SRV 0 100 389 oldDC01.example.tld
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.example.tld 600 IN SRV 0 100 389 oldDC01.example.tld
ForestDnsZones.example.tld 600 IN A 192.168.0.11
_ldap._tcp.ForestDnsZones.example.tld 600 IN SRV 0 100 389 oldDC01.example.tld
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.example.tld 600 IN SRV 0 100 389 oldDC01.example.tld
_kerberos._tcp.example.tld 600 IN SRV 0 100 88 oldDC01.example.tld
_kerberos._tcp.Default-First-Site-Name._sites.example.tld 600 IN SRV 0 100 88 oldDC01.example.tld
_kerberos._udp.example.tld 600 IN SRV 0 100 88 oldDC01.example.tld
_kpasswd._tcp.example.tld 600 IN SRV 0 100 464 oldDC01.example.tld
_kpasswd._udp.example.tld 600 IN SRV 0 100 464 oldDC01.example.tld
_kerberos._tcp.dc._msdcs.example.tld 600 IN SRV 0 100 88 oldDC01.example.tld
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.example.tld 600 IN SRV 0 100 88 oldDC01.example.tld

And now just wait a couple of days and then use Network Monitor to listen for LDAP traffic.