Written on 17. December 2023

Move FSMO Roles and demote old Domain Controller

In the dynamic world of my IT environment, a pivotal change was due. An old domain controller, running on Windows Server 2012, needed to be demoted and removed from the domain. This task required a meticulous approach, beginning with the transfer of FSMO roles to a newer server, followed by the decommissioning of the old one. Here’s a walkthrough of how I tackled this challenge.

Transferring FSMO Roles

Identifying which server held which FSMO role was crucial. I used PowerShell for this purpose:

Get-ADForest | Format-List DomainNamingMaster,SchemaMaster
Get-ADDomain | Format-List PDCEmulator,RIDMaster,InfrastructureMaster

I used the Move-ADDirectoryServerOperationMasterRole command for each role, specifying the role and the target server. For instance:

Move-ADDirectoryServerOperationMasterRole -Identity "dc2" -OperationMasterRole SchemaMaster,DomainNamingMaster,PDCEmulator,RIDMaster,InfrastructureMaster

Verifying the Role Transfer

After the transfer, I verified that the new domain controller had successfully assumed the roles. I reran the initial commands to confirm the new associations.
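
The verification step above can be turned into a scripted gate that runs before the demotion. The following is an added example, not part of the original article: the function name `Test-ReadyToDemote` and the host names `dc1` (old controller) and `dc2` (new controller) are assumptions, and it assumes a single-domain forest with the ActiveDirectory module installed.

```powershell
#Requires -Modules ActiveDirectory
# Added example: Test-ReadyToDemote is a hypothetical helper, not a built-in cmdlet.
function Test-ReadyToDemote {
    param(
        [Parameter(Mandatory)][string]$OldDC,   # controller that will be demoted
        [Parameter(Mandatory)][string]$NewDC    # controller that should own all roles
    )
    $forest = Get-ADForest
    $domain = Get-ADDomain
    # Current holder (FQDN) of each of the five FSMO roles.
    $holders = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    $newFqdn  = (Get-ADDomainController -Identity $NewDC).HostName
    $problems = @()

    # Every role must resolve to the new controller, not merely "not the old one".
    foreach ($role in $holders.Keys) {
        if ($holders[$role] -ne $newFqdn) {
            $problems += "$role is held by $($holders[$role]), expected $newFqdn"
        }
    }
    # The old controller's own view must agree that it holds nothing.
    $left = (Get-ADDomainController -Identity $OldDC).OperationMasterRoles
    if ($left) { $problems += "$OldDC still reports roles: $($left -join ', ')" }

    # Replication failures recorded on the new controller block the demotion.
    Get-ADReplicationFailure -Target $NewDC |
        Where-Object { $_.FailureCount -gt 0 } |
        ForEach-Object {
            $problems += "Replication from $($_.Partner) failing ($($_.FailureCount)x, error $($_.LastError))"
        }

    [pscustomobject]@{ Ready = ($problems.Count -eq 0); Problems = $problems }
}

# Assumed host names; stop here unless the result is clean.
$check = Test-ReadyToDemote -OldDC 'dc1' -NewDC 'dc2'
if (-not $check.Ready) { $check.Problems | ForEach-Object { Write-Warning $_ } }
$check
```

Proceed with the demotion only when `Ready` is `True`; any entry in `Problems` means a role or a replication link still depends on the old controller.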

Demoting the Old Domain Controller

With the roles securely transferred, the next step was to demote the old domain controller. Since dcpromo is no longer used, I navigated through the Server Manager for a guided removal process. This ensured that the server was properly demoted and safely removed from the domain.

Final Health Checks

Post-demotion, I conducted thorough checks using dcdiag and repadmin to assess the domain’s health and confirm that all operations were functioning correctly. I paid close attention to any replication errors, DNS issues, or other anomalies in the logs.

dcdiag /v
repadmin /showrepl

Conclusion: A Smooth Transition

The process of transferring FSMO roles and decommissioning an old domain controller is intricate but essential for maintaining a robust and current IT infrastructure. By methodically following these steps, I ensured a seamless transition with minimal impact on our network services. This experience not only bolstered my understanding of Active Directory but also prepared me for future updates and changes in our IT landscape.

Note: This article reflects my personal experience in a specific IT environment. Adapt these steps to fit your unique situation.
