Step 1: Using the command line (as administrator) to move the PDC and the other FSMO roles to another Domain Controller
- Open an elevated Command Prompt and type: ntdsutil
- At the ntdsutil command prompt, type: roles
- At the fsmo maintenance command prompt, type: connection
- At the server connections command prompt, type: connect to server NewDomainControllerName
- At the server connections command prompt, type: quit
- At the fsmo maintenance command prompt, type each of the following, confirming each transfer when prompted:
transfer RID master
transfer PDC
transfer infrastructure master
transfer naming master
transfer schema master
- Type quit to exit fsmo maintenance
- Then type quit again to exit ntdsutil
- To check: type netdom query fsmo at the command prompt to verify which server now holds each FSMO role.
- Finally, exit the Command Prompt, then update Group Policy: open a Run prompt and type: gpupdate /force
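The same transfer and check, done from the ActiveDirectory PowerShell module instead of ntdsutil. This is an added example, not part of the original guide; the target DC name is the guide's placeholder and the post-transfer reads are directed at the new holder so the verification does not depend on replication having caught up.

```powershell
# Added example (not from the original guide): transfer all five FSMO roles and
# verify the result. Run as a Domain Admin / Enterprise Admin (schema and naming
# master transfers need Schema Admins / Enterprise Admins membership).
Import-Module ActiveDirectory

$newDc = 'NewDomainControllerName'   # placeholder, as in the guide

# Record the current holders before doing anything.
$domain = Get-ADDomain
$forest = Get-ADForest
[ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-Table -AutoSize

# Transfer (not seize) all five roles in one call; the current holders must be
# online. -Confirm:$false replaces the per-role prompt ntdsutil would show.
Move-ADDirectoryServerOperationMasterRole -Identity $newDc `
    -OperationMasterRole SchemaMaster,DomainNamingMaster,PDCEmulator,RIDMaster,InfrastructureMaster `
    -Confirm:$false

# Re-read from the new DC itself and fail loudly if any role is not there.
$expected = (Get-ADDomainController -Identity $newDc).HostName
$domain   = Get-ADDomain -Server $newDc
$forest   = Get-ADForest -Server $newDc
$holders  = @($forest.SchemaMaster, $forest.DomainNamingMaster,
              $domain.PDCEmulator, $domain.RIDMaster, $domain.InfrastructureMaster)
$wrong = $holders | Where-Object { $_ -ine $expected }
if ($wrong) { throw "Roles still held elsewhere: $($wrong -join ', ')" }

# The guide's own manual checks, for the record.
netdom query fsmo
gpupdate /force
```

Keep the "before" table: if the transfer has to be rolled back, it tells you where each role came from.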
Step 2: Demote the old Domain Controller
- (Optional, for example if using SBS11) Remove Active Directory Certificate Services:
Server Manager > Manage > Remove Roles > Next > Active Directory Certificate Services > Next > confirm the removal > Remove
- Demote the Domain Controller (this is marginally different between Server 2008 R2 and Server 2012 onwards):
Windows 2003 to 2008 R2: open a Run prompt and type: dcpromo
(Don't tick the box saying this is the last server on the domain)
or
Windows 2012 onwards: open PowerShell and type: Uninstall-ADDSDomainController
After the reboot, reopen PowerShell and type: Uninstall-WindowsFeature AD-Domain-Services
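The Server 2012 onwards demotion with the two checks the one-liner above skips: confirming the machine no longer holds any FSMO role, and running the dry-run cmdlet before the real one. This is an added example, not part of the original guide; it runs on the old Domain Controller and assumes Step 1 has already been completed.

```powershell
# Added example (not from the original guide): run on the OLD domain controller,
# Server 2012 onwards, as a Domain Admin.
Import-Module ActiveDirectory, ADDSDeployment

# Refuse to demote while this server still holds an operations master role;
# Uninstall-ADDSDomainController would otherwise stop with an error anyway.
$self   = (Get-ADDomainController -Identity $env:COMPUTERNAME).HostName
$domain = Get-ADDomain
$forest = Get-ADForest
$held = @($forest.SchemaMaster, $forest.DomainNamingMaster, $domain.PDCEmulator,
          $domain.RIDMaster, $domain.InfrastructureMaster) |
        Where-Object { $_ -ieq $self }
if ($held) { throw "This server still holds FSMO roles; finish Step 1 first." }

# The demoted server becomes a member server; this is its new local Administrator
# password (the cmdlet prompts for it if you do not pass one).
$localAdminPwd = Read-Host -AsSecureString 'New local Administrator password'

# Dry run: performs the same prerequisite checks as the real cmdlet, changes nothing.
$check = Test-ADDSDomainControllerUninstallation -LocalAdministratorPassword $localAdminPwd
$check | Format-List
if ($check.Status -eq 'Error') { throw 'Preflight failed; see the message above.' }

# Real demotion. -LastDomainControllerInDomain is deliberately NOT used: the new DC
# stays (the PowerShell equivalent of leaving the dcpromo "last server" box unticked).
Uninstall-ADDSDomainController -LocalAdministratorPassword $localAdminPwd -Force

# After the reboot this triggers, remove the binaries as the guide says:
#   Uninstall-WindowsFeature AD-Domain-Services -IncludeManagementTools
```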
Step 3: Cleaning up AD (Only if removing the old server from the Domain)
- If the old Domain Controller computer name still exists in the Users and Computers or Sites and Services console, delete it manually.
- Delete entries pointing to the old Domain Controller in DNS. Look in the forwarders, and in the name server (NS) records of the forward lookup zone and the reverse lookup zone.
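A script for the clean-up checks in Step 3, run on the surviving Domain Controller after the demotion. This is an added example, not part of the original guide; the old DC name is a placeholder. It only reports what it finds in Active Directory and DNS, and deletes the stale DNS name server records only when started with -Remove, so the first run is safe to use as an audit.

```powershell
# Added example (not from the original guide): find (and optionally remove) leftovers
# that still reference the demoted DC. Run on the new DC as a Domain Admin.
param([switch]$Remove)
Import-Module ActiveDirectory, DnsServer

$oldDc    = 'OldDomainControllerName'      # placeholder: short name of the demoted DC
$zone     = (Get-ADDomain).DNSRoot          # forward lookup zone, e.g. corp.example
$oldFqdn  = "$oldDc.$zone".ToLower()
$configNc = (Get-ADRootDSE).configurationNamingContext

# 1. Leftover AD objects: the computer account (Users and Computers) and the server
#    object (Sites and Services). A clean demotion removes both; report any survivors
#    so they can be deleted in the console as the guide describes.
$computer = Get-ADComputer -Filter "Name -eq '$oldDc'" -ErrorAction SilentlyContinue
$server   = Get-ADObject -Filter "objectClass -eq 'server' -and Name -eq '$oldDc'" `
                -SearchBase "CN=Sites,$configNc"
foreach ($o in @($computer, $server) | Where-Object { $_ }) {
    Write-Warning "Leftover AD object: $($o.DistinguishedName)"
}

# 2. DNS: NS records naming the old DC in every zone this server hosts (forward and
#    reverse), plus any forwarder that still points at the old DC's address.
$oldIps = (Get-DnsServerResourceRecord -ZoneName $zone -Name $oldDc -RRType A `
              -ErrorAction SilentlyContinue).RecordData.IPv4Address
foreach ($z in Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated }) {
    $stale = Get-DnsServerResourceRecord -ZoneName $z.ZoneName -RRType NS -ErrorAction SilentlyContinue |
             Where-Object { $_.RecordData.NameServer.TrimEnd('.').ToLower() -eq $oldFqdn }
    foreach ($r in $stale) {
        Write-Warning "Stale NS record in $($z.ZoneName): $($r.RecordData.NameServer)"
        if ($Remove) { $r | Remove-DnsServerResourceRecord -ZoneName $z.ZoneName -Force }
    }
}
$fwd = (Get-DnsServerForwarder).IPAddress | Where-Object { $oldIps -contains $_ }
if ($fwd) { Write-Warning "Forwarder still points at the old DC: $($fwd -join ', ')" }
```

The old DC's own A record is read before anything is touched, because once the NS entries are gone the forwarder comparison would have no address to match against.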