Microsoft's official enterprise support blog for AD DS and more
Ned here again. Today's post is short and sweet, but when you need this one you will need it fast and we don't have this publically documented anywhere on TechNet (yet).
Since Windows 2000 SP4, it has been possible to forcibly demote Domain Controllers using the DCPROMO /FORCEREMOVAL command. You could use this switch if:
Naturally you must always follow this up with Metadata Cleanup on other DCs.
However, if you try to run this command on a Windows Server 2008 DC running in Core (no GUI) mode, it will always return:
An answer file or unattend installation command-line parameters must be specified.
And even if you provide an answer file, you will continue to get various prompts and issues that prevent demotion.
So how do we get this to work? With the following command:
dcpromo /forceremoval /demotefsmo:yes /administratorpassword:<the new password>
dcpromo /forceremoval /demotefsmo:yes /administratorpassword:Password1
So I can already hear the question "But this server did not have any FSMO roles on it - why do I need to add that switch?" The answer is because this not only forces demotion with a FSMO role in place, it also suppresses the warning prompt for FSMO when forcibly demoting.
I tried to come up with a snappier title for this, but I figured most readers that actually needed this post would already be so busy that they wouldn't want any cutesy-pie stuff. :-)
- Ned Pyle
PingBack from http://www.safewordfordforcitrix.com/ask-the-directory-services-team-forced-demotion-of-a-windows