Demote a Domain Controller Windows 2003

When you no longer want a server to act as a domain controller, follow this tutorial to demote it to a member server. This is the official way to remove a domain controller from Active Directory. If you have problems demoting a domain controller, you might find other topics helpful.

Do not remove a domain controller without going through this tutorial, because your Active Directory will be left with orphaned information about the removed domain controller. Orphaned information can cause unexpected problems. See my previous articles about how to remove orphaned objects.

Step-by-step guide

  • Log in physically on the domain controller you want to demote.
  • Click the Start menu, select Run, and type DCPROMO with no optional parameters. The Active Directory Installation Wizard appears.
  • Click Next to continue.
  • Leave "This server is the last domain controller in the domain" unchecked if you still have other domain controllers for this domain.
  • Click Next.
  • Set the local administrator password for this server. After demotion to a standalone server, this server uses the local SAM file to manage accounts. This password is for the administrator account in the local SAM file.
  • Click Next.
  • Click Next.
  • Click Next again; the Active Directory Installation Wizard will finish the remaining tasks for you.
  • Click Finish to restart the machine; it's now a standalone server. To completely remove it from Active Directory, just disjoin it from your domain.
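
Once the demoted server has restarted, the directory can be checked for leftovers of the kind described above. The batch script below is an added example, not part of the original article; DC02 and corp.example.com are constructed placeholders, and it assumes it is run as a domain administrator on a remaining Windows Server 2003 domain controller.

```bat
@echo off
rem Added example, not from the original article.
rem DC02 and corp.example.com are constructed placeholders.
setlocal
set DEMOTED=DC02
set DOMAIN=corp.example.com
set STALE=0

echo Checking Active Directory for leftovers of %DEMOTED% ...

rem 1. dsquery server lists the domain controllers the directory knows about.
rem    If the demoted name is still returned, review its server object in
rem    Active Directory Sites and Services.
dsquery server -name %DEMOTED% | find /i "CN=%DEMOTED%," >nul
if not errorlevel 1 (
    echo [WARN] %DEMOTED% is still returned by dsquery server
    set STALE=1
)

rem 2. The computer account of a demoted server should no longer sit in
rem    the Domain Controllers OU.
dsquery computer domainroot -name %DEMOTED% | find /i "OU=Domain Controllers" >nul
if not errorlevel 1 (
    echo [WARN] computer account is still in the Domain Controllers OU
    set STALE=1
)

rem 3. Clients locate domain controllers through this DNS SRV record set.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% 2>nul | find /i "%DEMOTED%." >nul
if not errorlevel 1 (
    echo [WARN] DNS still advertises %DEMOTED% as a domain controller
    set STALE=1
)

if "%STALE%"=="0" echo [OK] no trace of %DEMOTED% as a domain controller
endlocal & exit /b %STALE%
```

The script only reads from the directory and DNS; it exits with 1 when any check finds a leftover, so it can be rerun after cleanup until it reports OK.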


About The Author

Hao Nguyen

Hello! I'm Hao Nguyen and I'm currently working as a Network Engineer for a small firm in Houston. I enjoy writing technical documents and blog, such as


  1. Otsen says:

    Hi Hao, I’m Otsen. First of all, I want to thank you for all these posts; they really helped me to understand a little bit more about how the DC, Active Directory, Domain, and all that stuff works!

    I bought a server last month for my new enterprise (a small one). It has Windows Server 2003 installed, but it has been a headache since then. The problem is that it’s a “Domain Controller” and the only way I can log in is by restarting in RECOVERY MODE (only windows controller) as Administrator, but once I want to perform the demotion (DCPROMO) the system tells me that it is not possible because of the mode, and says that it’s necessary to restart and log in in normal mode, which is exactly what I can’t do. Do you have any idea how to demote a Domain Controller without a user domain?

    I really appreciate your comments.
    rgds! 🙂

    • Hao Nguyen says:

      Hi Otsen,

      Thanks for your comment. I’m very happy that it helps you.

      Regarding your question, here is the answer. In recovery mode, Active Directory is OFFLINE; therefore, you cannot issue the DCPROMO command to demote the domain controller. The only option is to start in normal mode and issue the DCPROMO /forceremoval command to force the server to delete Active Directory informally. This way, you can rudely remove any domain controller. If that domain controller is not the last one, you have to take care of the orphaned objects of that domain controller.

      If you provide more information about the problem of not starting in normal mode, I might be able to help you figure it out.

      Hao Ng.
