# DCPROMO and Exchange Server



## SoCalMark (Jan 5, 2010)

Hello All - Just installed a second Windows Server 2008 and it is now a second domain controller. The new server took on the AD of the old with all the correct settings. Both servers are in the domain controller list.

I would like to demote the first Windows Server 2003 but keep it simply as the Exchange Server for the domain --- Is that going to work?

Thanks


----------



## aasimenator (Dec 21, 2008)

By default, Windows Server 2003 domain controllers support forced demotion. Click *Start*, click *Run*, and then type the following command: dcpromo /forceremoval
 Click *OK*.
At the *Welcome to the Active Directory Installation Wizard* page, click *Next*.
At the *Force the Removal of Active Directory* page, click *Next*.
In *Administrator Password*, type the password and confirmed password that you want to assign to the Administrator account of the local SAM database, and then click *Next*.
In *Summary*, click *Next*.
Perform a metadata cleanup for the demoted domain controller on a surviving domain controller in the forest.
If you removed a domain from the forest by using the *remove selected domain* command in Ntdsutil, verify that all the domain controllers and the global catalog servers in the forest have removed all the objects and the references to the domain that you just removed before you promote a new domain into the same forest with the same domain name. Windows 2000 Service Pack 3 (SP3) and earlier global catalog servers are noticeably slower to remove objects and naming contexts than Windows Server 2003 is.

If resource access control entries (ACEs) on the computer that you removed Active Directory from were based on domain local groups, these permissions may have to be reconfigured, because these groups will not be available to member or stand-alone servers. If you plan to install Active Directory on the computer to make it a domain controller in the original domain, you do not have to configure access control lists (ACLs) any more. If you prefer to leave the computer as a member or stand-alone server, any permissions that are based on domain local groups must be translated or replaced. For more information about how permissions are affected after you remove Active Directory from a domain controller, click the following article number to view the article in the Microsoft Knowledge Base: 320230 (http://support.microsoft.com/kb/320230/ ) Permissions are affected after you demote a domain controller

It will work but will cause issues in your network if not done successfully.


----------



## avisitor (Jul 13, 2008)

I would transfer the FSMO roles and make sure that your new DC is a Global Catalog before you demote it.


----------

