Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2011-11-04) Installing And Uninstalling AD On Windows Server 8 As An RWDC And As An RODC – Part 5

Posted by Jorge on 2011-11-04

In the previous posts I have shown how to install AD. Now it is time to show how to uninstall AD from a DC. In this case I’m going to do everything with Powershell as that’s the new stuff in Windows Server 8. For previous versions of Windows you can read in the following blog post how to (un)install AD: “(2007-03-18) Windows Server Longhorn – Installing, Removing And Upgrading To AD

We first need to open a Powershell command window, import the correct powershell module and execute the correct CMDlet. At this moment I’m logged on to RODC as a delegated admin that has admin permissions on the RODC but nothing in AD. You can see the result below.

Import-Module ADDSDeployment Uninstall-ADDSDomainController -LocalAdministratorPassword $(ConvertTo-SecureString "Pa$$w0rd" -AsPlainText -Force) | FL

I’m demoting the RODC using the delegated admin credentials. Because of this I will only be able to demote the RODC. I will not be able to delete the RODC metadata as for that you need to have either “Enterprise Admins” or “Domain Admins” equivalent permissions. It should end up as a member server in the AD domain after the demotion when using “Enterprise Admins” or “Domain Admins” equivalent permissions and it should end up as a stand alone server when using Delegated Admin equivalent permissions.


Figure 1: Credentials Used For The Demotion And The Actual Powershell Command

Below you see the demotion almost being completed.


Figure 2: Uninstalling AD From The DC To Become A Member Server

Because I used Delegated Admin equivalent permissions the RODC ended up as a stand alone server and the metadata of the RODC was kept in AD as unused RODC objects. That metadata could be reused for another RODC to attach to. just MAKE SURE the already configured delegated administration configuration and the password replication policy configuration meets your needs. If not, change it accordingly!

The password specified for the local administrator did not work afterwards. Most likely a bug.




* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!



############### Jorge’s Quest For Knowledge #############

######### ########



3 Responses to “(2011-11-04) Installing And Uninstalling AD On Windows Server 8 As An RWDC And As An RODC – Part 5”

  1. […] the NEXT PART we’ll take care of the removal of AD from the […]

  2. Peter said

    Man this blog is pure gold, thanks a lot for your contribution to knowledge ;). Best regards

  3. […] Part – 5 […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: