The Uninstall-ADDSDomainController cmdlet uninstalls a domain controller in Active Directory.
Examples
Example 1: Remove AD DS from a domain controller
Uninstall-ADDSDomainController
This command removes AD DS from an additional domain controller in a domain. The user is prompted to
set and confirm the local Administrator password prior to completing the removal process.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Specifies the user name and password that corresponds to the account used to install the domain
controller. Use the Get-Credential cmdlet to prompt the user to supply a password in place of an
existing System.Management.Automation.PSCredential type. This causes Windows PowerShell to
prompt the user to enter credentials using the Windows security login UI.
Indicates that forced demotion should continue even if an operations master role is discovered on
the domain controller from which AD DS is being removed.
Specifies the account credentials to use when you create or remove the DNS delegation. If you do
not specify a value, the account credentials that you specify for the AD DS installation or removal
are used to remove the DNS delegation. As an alternative, you can specify the asterisk (*) to
prompt the user to enter credentials.
Indicates that the cmdlet forces the removal of a domain controller. Use this parameter to force the
uninstall of AD DS if you need to remove the domain controller and do not have connectivity to other
domain controllers within the domain topology.
Indicates that Windows PowerShell ignores any inconsistency that it detects with the value that you
specify for the LastDomainControllerInDomain parameter. For instance, if you specify
LastDomainControllerInDomain but Windows PowerShell detects that there is actually another
active domain controller in the domain, you can specify the IgnoreLastDCInDomainMismatch
parameter to have Windows PowerShell continue the removal of AD DS from the domain controller
despite the inconsistency that it has detected. Similarly, if you do not specify
LastDomainControllerInDomain but Windows PowerShell cannot detect that another domain
controller is in the domain, you can specify IgnoreLastDCInDomainMismatch to have Windows
PowerShell continue to remove AD DS from the domain controller.
Indicates that the cmdlet continues the removal of AD DS despite the fact that the domain controller
is the last DNS server for one or more of the Active Directory-integrated DNS zones that it hosts.
Specifies a local administrator account password when AD DS is removed from a domain controller. In
earlier releases, where uninstall of AD DS was done using Dcpromo.exe for demotion, the default
was to allow an empty password for this setting. In Windows PowerShell, the ADDS Deployment module
requires that a non-empty password string value be assigned. If a value is not provided for this
parameter, you are prompted to enter a value for the password at the Windows PowerShell prompt. The
password value must be a secure string.
If this parameter is not specified, the cmdlet prompts you to enter and confirm a masked password.
This is the preferred usage when running the cmdlet interactively. If additionally there are no
other arguments specified with the cmdlet, you are prompted to enter a masked password for this
parameter but no confirmation of the password entered is made. This is not recommended as it could
allow a mistyped password to be configured. Another available advanced option is to use the
ConvertTo-SecureString cmdlet and specify the password string inline as unmasked console input,
which is also not a recommended security best practice in production deployments.
Indicates that the cmdlet restarts the computer upon completion, regardless of success. By default,
reboot upon completion occurs when this cmdlet is used and this parameter is omitted. As a general
rule, Microsoft support recommends that you not use this parameter except for testing or
troubleshooting purposes because once configuration has completed the server will not function
correctly as either a member server or a DC until it is rebooted.
Specifies whether to preserve DNS delegation that point to this DNS server from the parent DNS Zone.
If you use this parameter, DNS delegations that point to this server from the parent DNS zone will
not be retained after uninstallation of the domain controller. This setting corresponds to the
earlier Dcpromo.exe parameter default of /RemoveDNSDelegation:Yes.
Indicates that only a base set of validations is performed. This behavior is equivalent to the
validations that were performed when using Dcpromo.exe in earlier versions of Windows Server to
add a new domain controller. When this switch parameter is set, it specifies that additional
preliminary checks should be bypassed. For more information on the scope of these additional
preliminary checks that the ADDSDeployment module performs by default when using Windows Server
2012, refer to the table in the section ADPrep and Prerequisite Checking Architecture in
AD DS Simplified Administration.
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.