To remove or demote a Read-Only Domain Controller (RODC), you can follow these general steps:
1. Ensure the availability of a writable domain controller: Before demoting an RODC, make sure there is at least one writable domain controller available in the domain.
2. Verify replication: Confirm that the RODC has replicated all changes from the writable domain controller by running the following command on the RODC:
bash
repadmin /showrepl
3. Remove any dependencies: If the RODC has any dependent services or
applications, ensure they are reconfigured to use a different domain
controller.
4.Transfer FSMO roles (optional): If the RODC holds any Flexible Single
Master Operation (FSMO) roles, transfer them to a different domain
controller using the appropriate Microsoft tools (e.g., Active Directory
Users and Computers, or the Ntdsutil command-line tool).
5. Remove the RODC from Active Directory Sites and Services: Open the
Active Directory Sites and Services console, navigate to the RODC's
site, expand the Servers container, right-click on the RODC, and select
Delete.
6. Remove the RODC from the Active Directory Users and Computers console:
Open the Active Directory Users and Computers console, navigate to the
Domain Controllers container, right-click on the RODC, and select
Delete.
7.Demote the RODC using the Dcpromo command: Open a command prompt with administrative privileges, and run the following command:
bash:
dcpromo /unattended
This command starts the Active Directory Domain Services Installation
Wizard, which will guide you through the demotion process. The
/unattended
switch ensures an unattended demotion without requiring interactive input.8.Follow the wizard steps: The Active Directory Domain Services
Installation Wizard will prompt you to choose the appropriate options
for demoting the RODC. Review the options and follow the on-screen
instructions.
9. Restart the server: After the demotion process completes, restart the server to finalize the removal of the RODC role.
.It's important to note that these steps are general guidelines and may vary depending on the specific environment and any additional configurations made. It's recommended to consult official Microsoft documentation or seek assistance from a qualified IT professional when performing critical operations like removing or demoting a domain controller.
Comments
Post a Comment