This article will cover demoting of Windows Server 2008 DC server after Windows Server 2012 R2 is added to domain as DC.
Edit August 2021 – we are also almost at the point (October 2023) when we will have to discontinue our Windows Server 2012 R2 DCs – I put up guide on how to demote Windows Server 2012 R2 and you can follow it here – https://www.informaticar.net/demote-windows-server-2012-r2-dc-frs-to-dfs-migration-is-also-covered/
LAB has following setup
DC2008 – Domain Controller on Windows Server 2008 x64
DC2012 – Domain Controller on Windows Server 2012 R2
HyperV host – machine that is hosting HyperV and DC2012 installation.
Computer Name: DC2008 IP Address: 10.10.10.2
Computer Name: DC2012 IP Address: 10.10.10.3
Computer Name: HyperV host IP Address:: 10.10.10.4
Domain name: test.local
Edit August 2021 – we are also almost at the point (October 2023) when we will have to discontinue our Windows Server 2012 R2 DCs -I put up guide on how to demote Windows Server 2012 R2 and you can follow it here – https://www.informaticar.net/demote-windows-server-2012-r2-dc-frs-to-dfs-migration-is-also-covered/
There are few checks that need to be done before demoting DC. First of all, transfer FSMO roles. Check my previous article here -> https://www.informaticar.net/?p=1772
Check the following before demoting Server 2008 DC:
Adding Windows Server 2012 DC to Server 2008 domain -> https://www.informaticar.net/?p=1784
Check Bridgeheads – A bridgehead server is a domain controller that has been either administratively assigned or automatically chosen to replicate changes collected from other domain controllers in the site to bridgehead servers in other sites
Command for checking Bridgeheads is
Repadmin /bridgeheads
In my case there are no Bridgeheads. If you have any be sure to configure them to work correctly
To check the whole site for bridgeheads, enter additionally
Repadmin /bridgeheads site:Default-First-Site-Name(you can find your site name under Active Directory Sites ans Services)
You should also run some general checks before demoting DC to make sure that everything works ok.
Repadmin helps to find problems with replication
repadmin.exe /showrepl dc2008 /verbose /all /intersite > c:\repl.txtCheck created log for eventual problems
Check replication also through logs DFS Replication, Directory Service and DNS Server are important ones
Run dcdiag /e /c
All tests, especially DNS should be passed on this test. If something fails, check to see if you can repair it, let it through FIREWALL, or live without it (RODC functionality may not bee ver needed for example)
- Check DNS settings under DHCP service, and change them for DHCP clients
- Change Authoritative Time Server for Domain if it was DC that you are demoting.
- Global Catalog should be on new DC before demoting old one
Check and clean up DNS Manager after decomisioning old DC.
Have a backup plan in case you fail. How to forcibly demote DC is described here: https://technet.microsoft.com/en-us/library/cc731871%28v=ws.10%29.aspx
After all checks are done, lets proceed to demoting DC
Start |Run | DCpromo
Next
OK (You can check Global Catalog servers under Active Directory Sites and Services | Sites |Site name | Servers | right click on every server, click on Properties and under General check DC TYpe Value, it should be Global Catalog)
Leave field unmark, except if you want to delete the whole domain, but that is not point here. |Next
Enter password for local Admin account| Next
Next
Finish
After reboot lets check settings on DC2012. In Active Directory Users and Computers under Domain Controllers only server left as DC is DC2012
DC2008 is moved to Computers
Under Active Directory Sites and Services | Sites | Site: Site name |Servers remove removed DC
With this step, demoting of Windows Server 2008 is done.