Demoting the last Active Directory Domain Controller with PowerShell

Today I’ve made a decision. Weeks ago, I have changed the default language of the operating system of my Domain Controller from German to English. It worked great. But now, I found out, that the default active directory user names (Built-In) still shows up in German. Now, my plan is to demote my Domain Controller and create a  new domain for getting all names in English. This article shows how to demote a Domain Controller with PowerShell and re-create a new forest and forest root domain.

Note, that my Domain Controller is the only one, so therefore it’s the last Domain Controller of my forest and it’s root domain. And here’s, as mentioned above, my problem:


Demoting the last Domain Controller

For demoting, I run Uninstall-ADDSDomainController:

Uninstall-ADDSDomainController -LastDomainControllerInDomain -LocalAdministratorPassword (ConvertTo-SecureString -AsPlainText "Passw000rd" -Force) -RemoveApplicationPartitions



After reboot, I have to log on with the previously configured local administrator account password. A quick glance to the DNS Server Management (dnsmgmt.msc) shows me that all Forward and Reverse Lookup Zones were removed. That looks good.


The Windows features Active Directory and DNS are still installed, so I can move forward creating the new domain.

Get-WindowsFeature AD-Domain-Services,DNS

Creating the new Domain (sid-500.com)

Exciting moment. Will all active directory user names of my former german server show up in English? I hope so. Here we go.

Install-ADDSForest -DomainName sid-500.com -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText "Passw000rd" -Force)


After logging in, I start dsa.msc. Happy to see all names in English. 😉


(Get-ADGroup -Filter *).Name


The DNS Settings look good also:


Did you notice? Yes, IPv6. In Vienna, we use IPv6! 😉

See also

PowerShell: Configuring Fine Grained Password Policies (PSO)

PowerShell: Changing Active Directory user logon names (Bulk)

Securing Active Directory: Who can add computers to the domain? Only the domain admin?

1 reply »

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.