demoting RODC

Shahin Mortazave 491 Reputation points
2021-10-11T18:10:32.247+00:00

Hi,
We have a server 2012 RODC in our domain that we used it in our lync enviorment.
We just have migrated our lync to Teams and now we want to demote and remove the RODC that we used with Lync.
Should I just use the server manager to demote the RODC or shutdown this RODC and wait a week or so to be sure everything works and the use ntds utility to force remove of the RODC?

Thanks

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,055 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,524 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Shahin Mortazave 491 Reputation points
    2021-10-12T14:24:41.113+00:00

    @Anonymous thank you for your reply,
    I decided to go ahead with option shutting down the RODC first and then remove it manually,
    Are these steps correct?

    all of these steps will run on the DC that has all the FSMO roles:

    1. Delete the rodc object from AD users and Computers.
    2. Delete the rodc object from the AD domain and services.
    3. Ntdsutil
      Meta clean
      Connections
      Connect to server <local host>
      Q
      Select operation target
      list site
      Select site 0
      List domain
      Select domain 0
      List server in site
      Select server
      Q
      Remove selected server

    Thanks

    1 person found this answer helpful.
  2. Anonymous
    2021-10-11T18:15:24.833+00:00

    Either method will get the same end result.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

  3. ShafaatiKaveh 0 Reputation points
    2024-07-09T09:34:01.1866667+00:00

    thanks ......... :)

    0 comments
  4. AsalMilou 1 Reputation point
    2024-07-09T10:00:45.64+00:00

    Open a command prompt on your primary DC and type the following commands in order. Anything in BOLD is the actual command, any comments italicized after anything in bold are helpful instructions. These commands have been tested on Server 2008 R2 so if you get an error or unexpected results, check for spelling errors.

    Ntdsutil

    Metadata cleanup

    Connections

    Connect to server “name_of_DC2”

    Quit

    Select operation target

    List domains

    select domain “Number”, (where “Number” is the number corresponding to the domain in which the failed server was located. Press Enter.)

    select site “Number”, (where “Number” refers to the number of the site in which the domain controller was a member. Press Enter.)

    list servers in site This will list all servers in that site with a corresponding number.

    select server “Number ( where “Number” refers to the domain controller to be removed.)

    quit

    remove selected server

    You will receive a warning message, type Yes.

    If you run into problems just post back.

    Good links for Check cleanup in AD:

    How to perform Metadata cleanup in Active Directory

    https://community.spiceworks.com/t/how-to-perform-metadata-cleanup-in-active-directory/1011296

    and how to move FSMO Roles via NETdsutil oder PowerShell

    https://scarymachines.de/fsmo-rollen-uebertragen-per-ntdsutil-oder-power-shell/

    Ntdsutil:

    Ntdsutil

    Roles

    Connections

    Connect to Server <Traget- Server DC>

    Q

    transfer Infrastructure Master

    transfer Naming Master

    transfer PDC

    transfer RID Master

    transfer Schema Master

    Q

    Q

    PowerShell:

    Move-ADDirectoryServerOperationMasterRole -Identity <Ziel-DC> -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator -whatif

    Move-ADDirectoryServerOperationMasterRole -Identity <Ziel-DC> -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator

    PDC Emulator (0)

    RID Pool Manager (1)

    Infrastruktur Master (2)

    Domain Naming Master (3)

    Schema-Master (4)

    Move-ADDirectoryServerOperationMasterRole -Identity <Ziel-DC> -OperationMasterRole 0,1,2,3,4

    Move-ADDirectoryServerOperationMasterRole -Identity <Ziel-DC> -OperationMasterRole 0,1,2,3,4 -Force

    How to demoting RODC ( Chatgpt):

    dcpromo /unattend /AdministratorPassword:<NeuesAdministratorPasswort> /demoteRODC:Yes /ForceRemoval /DeleteDNSDelegation:Yes

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.