How do you successfully demote a Domain Controller? A question everyone would likely answer with “Run dcpromo.exe and you’re done!” on first thought. Sure, the technical process is as easy as that - but things that come with a DC demotion often aren’t as clear as the actual demotion through the executable. There are more things to look at.
My friends from the geek network Mike (http://adisfun.blogspot.com/), Rich (http://cbfive.com/blog/), Eric (still with no blog, but sure to post on Rich’s!) and I have decided to tackle this topic and create a blog series across all our blogs. The next weeks coming, we’ll try to cover as many aspects and tidbits on DC demotion so that you can successfully perform your demotions.
The blog series will cover the following topics (some subjets may change and be added):
- Domain Controller Scope
- Demoting the Domainâ€™s First Domain Controller
- Demoting Domain Controllers Doubling as a Certificate Authority
- Rolling Back Network and Registry Configuration After Demoting a DC
- Directory Service Scope
- Demoting a FSMO Role Owner
- Demoting a Global Catalog
- Cleaning Up Replication Topology after DC Demotion
- Are There Applications That Rely on My DC?
- Identifying Hard-Coded Applications
- Adjusting VPN and RRAS for DC Demotion
- Closing Â Holes in the Firewall
- Forcing a DC Out of the Domain
- Demoting an RODC
- Whenâ€™s the Right Time to Demote My DC?
- DNS Cleanup from DC Demotion
- Updating Clients for DC Demotion
- A Second Secondary
- Domain Controller Demotion Checklist
We highly recommend you subscribe to the RSS and ATOM feeds of our blogs so that you don’t miss a piece of this series!