The final step in removing your SBS server is to demote it as a domain controller using the DCPROMO tool.
DCPROMO will do a number of things in terms of removing the server’s ability to operate as an Active Directory server, however the main domain functional ‘operation’ (sorry pun!) you will see from other servers in the network is the moving of the ‘Flexible Single Master of Operation’ (FSMO) or now just ‘Operations Masters’ roles to another AD server.
You can control the transfer of the essential FSMO roles to a preferred AD server (if you have multiple) using the a script e.g. to transfer our roles to our UK/GB Infrastructure server GBINF01 the script is:
ntdsutil
roles
conn
connect to server gbinf01 q
Transfer infrastructure master
Transfer naming master
Transfer PDC
Transfer RID master
Transfer schema master
q
q
And checked with:
netdom /query fsmo
Schema master GBINF01.thefullcircle.local
Domain naming master GBINF01.thefullcircle.local
PDC GBINF01.thefullcircle.local
RID pool manager GBINF01.thefullcircle.local
Infrastructure master GBINF01.thefullcircle.local
The command completed successfully.
Of course if you just have one other AD server (not recommended as best practise but totally feasible and supported by Microsoft) you don’t need to manually control who gets the roles, and DCPROMO will just transfer the roles to the other server.
If you do have multiple servers (with multiple AD sites) then the next available local site server will get the roles.
Move those roles!
Summary review
Remove Active Directory Domain Services from this computer.
When the process is complete, this server will be a member of the domain thefullcircle.local
Remove DNS Delegation: Yes
Good bye domain services!
Checking the FSMO roles to confirm transfer:
C:>netdom query fsmo
Schema master GBINF01.thefullcircle.local
Domain naming master GBINF01.thefullcircle.local
PDC GBINF01.thefullcircle.local
RID pool manager GBINF01.thefullcircle.local
Infrastructure master GBINF01.thefullcircle.local
The command completed successfully.
You can log back onto your SBS server with either the local creds provided earlier, or with a domain account – it is still a domain member server.
Note this machine may no longer be licensed (certainly if an upgrade e.g. to SBS2011).
If the server was an OEM install you can leave what remains (demoted mostly broken SBS server) on the same hardware for whatever use you feel (within license limits – e.g. this is not a 2nd Exchange server!), but the chances are this is now an old and out of warranty bit of kit that is no longer production worthy anyway – reuse, renew, recycle responsibly (see http://blog.thefullcircle.com/2011/05/06/sort-it-out-and-learn-the-3rsreduce-reuse-recycle/).