How to properly and completely remove a Windows domain controller?

InteXX

4/23/23, 8:53 PM

I have a single forest/domain with 2 DCs, SERVER2 and SERVER3. SERVER2 holds the FSMO roles. Both are healthy.

I now wish to remove SERVER2 for a clean reinstall. Based on my research for the project, I propose to take these steps:

Transfer the FSMO roles to SERVER3
Demote SERVER2 to a member server
Remove SERVER2 from the domain
Perform the reinstall of SERVER2
Join SERVER2 to the domain
Promote SERVER2 to a DC
Transfer the FSMO roles to SERVER2

Is this all that's necessary for the task? Do I need to do any sort of cleanup or maintenance on SERVER3 after removing SERVER2 at step #3?

0 + 0

windows

active-directory

domain-controller

Score:1

Server

joeqwerty

4/23/23, 9:00 PM

The DC that holds the PDCe FSMO role is the authoritative time server for the domain. This is where the other DC's sync their time to. When you transfer the FSMO roles to SERVER3 you'll need to reconfigure the Windows Time service on SERVER3. Then when you move the FSMO roles back to the newly installed SERVER2 you'll need to reconfigure the Windows Time service on BOTH DC's. Here's how I do it:

PDCe FSMO Role Holder

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm.exe /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:YES /update
net stop w32time
net start w32time

Domain Members (Including other Domain Controllers)

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /config /syncfromflags:DOMHIER /update
net stop w32time
net start w32time

0 + 0

InteXX

4/23/23, 9:03 PM

Thanks, Mr. Keyboard!

InteXX

6/18/23, 11:32 PM

Would you happen to know how to turn domain time sync OFF on a member workstation? It's hosted in a VM and I want to set it to sync from the host (which in turn syncs from the PDCe). According to [this](https://www.altaro.com/hyper-v/hyper-v-time-synchronization/) it won't do to simply disable the service.

InteXX

6/18/23, 11:55 PM

I ran your second script on a VM workstation. `w32tm /query /status` results... before: `Source: VM IC Time Synchronization Provider`, after: `Source: SERVER4.DOMAIN.local`. So it seems I've gone and mucked it up pretty good.

InteXX

6/19/23, 12:03 AM

I changed it to `/syncfromflags:NO` and now I get `Source: Local CMOS Clock`. Hm. Do you know of a way to get it back to `VM IC Time Synchronization Provider`?

InteXX

6/19/23, 2:54 AM

Well, never mind. It seems to have fixed itself in the time since.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to properly and completely remove a Windows domain controller?

TH: จะลบตัวควบคุมโดเมน Windows อย่างถูกต้องและสมบูรณ์ได้อย่างไร

RO: Cum să eliminați corect și complet un controler de domeniu Windows?

RU: Как правильно и полностью удалить контроллер домена Windows?

VI: Làm cách nào để loại bỏ đúng cách và hoàn toàn bộ điều khiển miền Windows?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.