Transfer/Seize FSMO Roles and Remove DC from AD

As our journey continues, sadly we will need to decommission DC’s along the way.  Doing this comes with some considerations, such as moving your FSMO roles off of the DC you are decommissioning.  Don’t know if it has any FSMO roles assigned to it?  Run the following:

Now the internet will show you many other ways to find this out, but this is by far the easiest method.  Great now we know what roles we need to move off of the DC, but how do we do it?  Logon to the DC you wish to transfer the FSMO roles to and do the following:

Should you not be able to transfer the roles (Server holding them is lost to the world), you can seize them.  You do this by doing the following:

Yes I realize there is only one difference, but it’s an important difference!

Now, assuming you have all your other marbles accounted for we can remove the DC from AD and all the other nonsense.  Start by deleting the computer account out of the Domain Controllers OU in AD.  It’ll give you a bunch of warning, read them if you like.  Next head over to Sites and Services and delete it out of there.  Once that is done, hit DNS and delete it from both the Forward and Reverse Lookup Zones.  Once you have all of that done, you should be good to go!  Sync up your still existing DC’s (assuming more than one) by running the following command:

Finally, just for that warm and fuzzy feeling, run the following command on a Domain Controller:

All of the tests should pass.  If not, get troubleshooting!  Best of luck!!