I have 3 DCs, one the one I would like to demote has mutlihomed nics which I suspect is causing network issues. Can I just demote it? It run a database and an application and I would like it to still server that function, I would also like it to still be a member of the domain. Any issues with demoting it using dcpromo?

BTW two servers are 2008 r2 (including the one I would like to demote), and the 3ed is server 2003 r2.

Yes you can demote a DC using dcpromo. To make it as member server, again you need to join the server to the domain. As it already hosts a database and an application, be little more cautious as demotion of DC might cause DB or Application to breakdown. Consult respective DB and application vendor as well to know about any after effects if you do so and bkp everything which is important.Don't be a prick ! Be reasonable and provide your feedback. Say something whether the suggestion was helpful or not, mark a reply as answer or click on to vote helpful if any suggestion really helps you, don't leave that choice to moderators, let the credit go to a contributor who has invested his precious time on your questions. Please be informed that, moderators are also humans and they also make mistakes ;-) Last but not the least, Unmark as answer if any post doesn't answer your question/s !!!

The server still retains all its data and connections to network resources?

The server still retains all its data and connections to network resources? Yes it does.However, make sure that you cleanup metadata (leftovers of demoted DC) to avoid furhter issues with your domain. http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspxDon't be a prick ! Be reasonable and provide your feedback. Say something whether the suggestion was helpful or not, mark a reply as answer or click on to vote helpful if any suggestion really helps you, don't leave that choice to moderators, let the credit go to a contributor who has invested his precious time on your questions. Please be informed that, moderators are also humans and they also make mistakes ;-) Last but not the least, Unmark as answer if any post doesn't answer your question/s !!!

helpful to demote DC http://technet.microsoft.com/en-us/library/cc740017(v=ws.10).aspx

As everyone else has said, you can demote it using either dcpromo and the wizard or dcpromo and an unattend file with the unattend switch. It'll become a member server and delete all data regarding to domain services on the machine. I would make sure it does not host any application partitions that are unique to that DC. As Being Human has mentioned, make sure you ntdsutil metadata cleanup and make sure the dc is gone from the sites and services snap in. Yes all your data should stay on the dc. Make a full backup before doing any of this.

The only reason for performing a metadata cleanup after demoting a DC would be if the DCPROMO process failed. DCPROMO takes care of cleaning the Directory of DC related objects.Guides and tutorials, visit ITGeared.com.

Hello Ptex, Besides to all above posts, remember below steps while demoting a DC. Check DC and its roles first, if DC have any roles transfer those roles to another DC in your domain/forest.Once you confirmed that another DC hold all 5 FSMO roles then you can go for demote DC by using dcpromo/forceremoval command.Even though if you demote a DC, some of references will be there in directory database and it will cause for replication failures.So we have to metadata clean up and we need to remove demoted DC references from AD Database completely. Useful link for Metadata cleanup:http://www.petri.co.il/delete_failed_dcs_from_ad.htm Regards, Ravikumar P

Now I can't log in as a member of the domain only as a local admin. I get this "There are currently no logon servers available to service the logon.."

But I can rdp in as a domain admin?

I guess the users can still get to the db and application so I'm calling it working, for now. Thanks

Have you completely demoted DC? Regards, Ravikumar P

The only reason for performing a metadata cleanup after demoting a DC would be if the DCPROMO process failed. DCPROMO takes care of cleaning the Directory of DC related objects. Yes Jorge, you are correct. The only reason to use ntdsutil in this case it to make double sure that the demotion was clean. On my home domain, I think I have only once seen a clean demotion. All other times I had to use "dcpromo /forceremoval", followed by metadata cleanup.

Yeah I had to use dcpromo /forceremoval and I don't see it as a dc on my main dc. I might run clean up again just to be sure. Thanks all it s tough working in a department alone with no one to bounce ideas off so I find this to be a great recourse.