SID-500


Demoting the last Active Directory Domain Controller with PowerShell

Today I made a decision. Weeks ago, I changed the default language of my Domain Controller's operating system from German to English. It worked great. But now I have found out that the default Active Directory user names (Built-In) still show up in German. So my plan is to demote my Domain Controller and create a new domain to get all names in English. This article shows how to demote a Domain Controller with PowerShell and create a new forest and forest root domain.

Note that my Domain Controller is the only one, so it is the last Domain Controller of my forest and its root domain. And here, as mentioned above, is my problem:

[Screenshot: built-in Active Directory names still shown in German]

Demoting the last Domain Controller

To demote the Domain Controller, I run Uninstall-ADDSDomainController:

Uninstall-ADDSDomainController -LastDomainControllerInDomain -LocalAdministratorPassword (ConvertTo-SecureString -AsPlainText "Passw000rd" -Force) -RemoveApplicationPartitions


After the reboot, I have to log on with the previously configured local administrator account password. A quick glance at the DNS Server Management (dnsmgmt.msc) shows me that all Forward and Reverse Lookup Zones were removed. That looks good.


The Windows features Active Directory and DNS are still installed, so I can move on to creating the new domain.

Get-WindowsFeature AD-Domain-Services,DNS

Creating the new Domain (sid-500.com)

Exciting moment. Will all Active Directory user names of my former German server show up in English? I hope so. Here we go.

Install-ADDSForest -DomainName sid-500.com -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText "Passw000rd" -Force)


After logging in, I start dsa.msc. Happy to see all names in English. 😉


(Get-ADGroup -Filter *).Name


The DNS settings also look good:

[Screenshot: DNS settings]

Did you notice? Yes, IPv6. In Vienna, we use IPv6! 😉
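The two commands above carry the password as plain text on the command line, where it can end up in console history and transcripts. The following is an added example, not code from the original article: it wraps the same cmdlets in one script that prompts for the password as a SecureString and runs the ADDSDeployment prerequisite test before changing anything. The -Phase parameter and the two helper function names are made up for this example; the script has to be run once before and once after the reboot.

```powershell
#Requires -RunAsAdministrator
# Added example: -Phase and the helper function names are hypothetical.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Demote', 'Promote')]
    [string]$Phase,
    [string]$DomainName = 'sid-500.com'   # domain name used in the article
)
Import-Module ADDSDeployment

function Read-ConfirmedPassword([string]$Label) {
    # Prompt twice; the value never appears in the script text or on the command line.
    $first  = Read-Host -AsSecureString -Prompt $Label
    $second = Read-Host -AsSecureString -Prompt "$Label (repeat)"
    $a = [System.Net.NetworkCredential]::new('', $first).Password
    $b = [System.Net.NetworkCredential]::new('', $second).Password
    if ($a -cne $b) { throw 'Passwords do not match.' }
    return $first
}

function Assert-PrerequisitesPassed($Results) {
    # The Test-ADDS* cmdlets return one or more result objects; stop on any error.
    $failed = @($Results | Where-Object { "$($_.Status)" -eq 'Error' })
    if ($failed.Count -gt 0) { throw "Prerequisite check failed: $($failed.Message -join '; ')" }
}

switch ($Phase) {
    'Demote' {
        $params = @{
            LastDomainControllerInDomain = $true
            RemoveApplicationPartitions  = $true
            LocalAdministratorPassword   = Read-ConfirmedPassword 'New local Administrator password'
        }
        Assert-PrerequisitesPassed (Test-ADDSDomainControllerUninstallation @params)
        Uninstall-ADDSDomainController @params   # asks for confirmation, then reboots
    }
    'Promote' {
        $missing = Get-WindowsFeature AD-Domain-Services, DNS | Where-Object { -not $_.Installed }
        if ($missing) { throw "Missing Windows features: $($missing.Name -join ', ')" }
        $params = @{
            DomainName                    = $DomainName
            SafeModeAdministratorPassword = Read-ConfirmedPassword 'DSRM (safe mode) password'
        }
        Assert-PrerequisitesPassed (Test-ADDSForestInstallation @params)
        Install-ADDSForest @params               # asks for confirmation, then reboots
    }
}
```

Run it with -Phase Demote first, log on with the new local administrator password after the reboot, then run it again with -Phase Promote.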

See also

PowerShell: Configuring Fine Grained Password Policies (PSO)

PowerShell: Changing Active Directory user logon names (Bulk)

Securing Active Directory: Who can add computers to the domain? Only the domain admin?


WHOIS

My name is Patrick Grünauer (pewa2303). I am from Austria. On sid-500 I write about Windows, Cisco and IT-Security in English and German. Have fun while reading!
