When I try show the domain controllers with the command:
nltest /dclist:domain.local
I'm getting the following in the command prompt:
DC1.domain.local [DS] Site: ....
DC2.domain.local [DS] Site: ....
DC3.domain.local [PDC] [DS] Site: .... //<- This is the primary DC
But, when I want to demote the DC1 by PowerShell the message is:
The server will be automatically restarted when this operation is complete. The domain will no longer exist after you uninstall Active Directory Domain Services from the last domain controller in the domain.
Do you want to continue with this operation?
I'm a newbie Does that mean can't see the other domain controller and will delete domain.local?
Someone could tell me if I can follow the next steps to demote the DC1 or if I must stop and fix the issues?
Best Answer
To add to Andy's answer, If you demote dc1, you still have DC2 and DC3 around. You must ensure all of your clients are looking at DC2 and DC3 for DNS before you demote DC1.
As a trial, I usually like to SHUT DOWN the DC being demoted first (or simply pull it's ethernet cable). Leave it off the network for a while (hours, days, a week, but not too long) to ensure that nothing breaks on your network. Do this as a trial after hours first before leaving it off during production hours. Test everything, make sure you can still do other network tasks like creating mailboxes (if you use on Prem exchange) etc.
If everything still works after the DC has been inaccessible, you should be safe to being it back online and demote it.