First published on TechNet on Nov 14, 2008
here again. Today's post is short and sweet, but when you need this one you will need it fast and we don't have this publically documented anywhere on TechNet (yet).
Since Windows 2000 SP4, it has been possible to forcibly demote Domain Controllers using the
command. You could use this switch if:
There are no domain controllers currently available in the parent domain when you try to demote the last domain controller in an immediate child domain.
The Active Directory Installation Wizard cannot complete because there is a name resolution, authentication, replication engine, or Active Directory object dependency that you cannot resolve after you perform detailed troubleshooting.
A domain controller has not replicated incoming Active Directory changes in Tombstone Lifetime (Default Tombstone Lifetime is 60 days) number of days for one or more naming contexts (see also KB article
Time does not permit more detailed troubleshooting because you must immediately bring into service the domain controller.
So I can already hear the question "But this server did not have any FSMO roles on it - why do I need to add that switch?" The answer is because this not only forces demotion with a FSMO role in place, it also suppresses the warning prompt for FSMO when forcibly demoting.
I tried to come up with a snappier title for this, but I figured most readers that actually
this post would already be so busy that they wouldn't want any cutesy-pie stuff. :-)