none
Remove last DC from a domain in a forest

    Question

  • Hi!

    I have a doubt... If I have a forest and my root domain is contoso.com; and I also have sites with child domains as a.contoso.com; b.contoso.com and c.contoso.com.

    root: contoso.com (2 DC/GC)

    Site A: a.contoso.com (2 DC/GC)

    Site B: b.contoso.com (2 DC/GC)

    Site C: c.contoso.com (2 DC/GC)

    If I demote the two domain controllers from site B:

    - Can I keep the child domain b.contoso.com active in the forest or it will be forcely deleted?

    - If it could be remain existing, which servers would have its FSMO roles?

    I think it's not possible but, maybe I'm wrong. Could you please help me with this doubt?

    Regards!!

    Wednesday, May 3, 2017 12:09 PM

Answers

  • If I demote the two domain controllers from site B: >>> As you said there is 2 dc on child domain,so if you demote these 2 dc,your child domain will be also remove.(cause on you will demote last dc on domain.)

    If it could be remain existing, which servers would have its FSMO roles? >>> As mentoned you won't be a child domain call b.contoso.com so there won't be a PDC holder :)


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur


    Wednesday, May 3, 2017 12:23 PM

  • If I demote the two domain controllers from site B:

    - Can I keep the child domain b.contoso.com active in the forest or it will be forcely deleted?

    - If it could be remain existing, which servers would have its FSMO roles?

    I think it's not possible but, maybe I'm wrong. Could you please help me with this doubt?

    Domain Controllers hold partitions for their respective domain. When you have 2 domain controllers in a domain and you demote one of them, there is only one domain controller who holds the partition. When you demote the last domain controller in a domain, the partition will be deleted as well along with users, computers and etc.


    Mahdi Tehrani | | www.mahditehrani.ir
    Make sure to download my free PowerShell scripts:

    Wednesday, May 3, 2017 2:07 PM
    Moderator
  • Hi,
    Agree others. After you delete the last domain controller from child domain b.contoso.com, this domain will be gone or orphaned.
    And if you really demote all DCs from child domain b.contoso.com, please make sure to clean up their metadata from AD: https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx
    Later, you could reinstall a new domain called b.contoso.com if you need it.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, May 4, 2017 6:24 AM
    Moderator
  • I agree with above suggestions.

    By the way, to perform metadata cleanup, you can follow this "How-To" guide https://community.spiceworks.com/how_to/132621-how-to-perform-metadata-cleanup-in-active-directory for step-wise instructions.
    Friday, May 5, 2017 9:37 AM

All replies

  • If I demote the two domain controllers from site B: >>> As you said there is 2 dc on child domain,so if you demote these 2 dc,your child domain will be also remove.(cause on you will demote last dc on domain.)

    If it could be remain existing, which servers would have its FSMO roles? >>> As mentoned you won't be a child domain call b.contoso.com so there won't be a PDC holder :)


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur


    Wednesday, May 3, 2017 12:23 PM

  • If I demote the two domain controllers from site B:

    - Can I keep the child domain b.contoso.com active in the forest or it will be forcely deleted?

    - If it could be remain existing, which servers would have its FSMO roles?

    I think it's not possible but, maybe I'm wrong. Could you please help me with this doubt?

    Domain Controllers hold partitions for their respective domain. When you have 2 domain controllers in a domain and you demote one of them, there is only one domain controller who holds the partition. When you demote the last domain controller in a domain, the partition will be deleted as well along with users, computers and etc.


    Mahdi Tehrani | | www.mahditehrani.ir
    Make sure to download my free PowerShell scripts:

    Wednesday, May 3, 2017 2:07 PM
    Moderator
  • Hi,
    Agree others. After you delete the last domain controller from child domain b.contoso.com, this domain will be gone or orphaned.
    And if you really demote all DCs from child domain b.contoso.com, please make sure to clean up their metadata from AD: https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx
    Later, you could reinstall a new domain called b.contoso.com if you need it.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, May 4, 2017 6:24 AM
    Moderator
  • I agree with above suggestions.

    By the way, to perform metadata cleanup, you can follow this "How-To" guide https://community.spiceworks.com/how_to/132621-how-to-perform-metadata-cleanup-in-active-directory for step-wise instructions.
    Friday, May 5, 2017 9:37 AM
  • Hi,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, May 8, 2017 12:34 PM
    Moderator
  • Thank you all for the answers!!

    But I have another one... so, if I remove both DCs, the domain b.contoso.com will be deleted from the forest...and the DNS zone? Will it be also deleted? Is there a way to keep it?

    Regards!

    Monday, May 8, 2017 3:01 PM
  • Hi,
    As far as I know, after AD DS is removed, the DNS server role remains installed and running if it was previously installed on the domain controller. But any Active Directory–integrated DNS zones that were installed are removed. By default, the AD DS removal process also attempts to remove the Domain Name System (DNS) delegations for the zones that point to the domain controller.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, May 10, 2017 1:55 AM
    Moderator