Promoting a Windows Server 2012 RODC to become a writeable domain controller
Having now moved the rest of the business into the new office, it is no longer functioning as a branch office, and so the RODC (Read-Only Domain Controller) I set up some time ago is no longer required.
The plan was that it would be demoted and we would return to having just the two domain controllers. However, I changed my mind, as the other domain controllers are VMs on ESXi, which I don’t think is an ideal situation, and I’d prefer to have at least one physical domain controller.
Unfortunately, the process of converting an RODC to a writeable DC isn’t quick, as you can’t go directly from one to the other: you need to demote it and then promote it again.
I don’t want to force the removal, as it is able to communicate with the other domain controllers and so can be removed normally (see http://technet.microsoft.com/en-us/library/cc816826%28v=ws.10%29.aspx about forcing removal of domain controllers).
The next bit is a crucial step, as you are asked if you wish to Retain domain controller metadata. The only reason to do so would be if you planned to reinstate the server as an RODC in the future. If you wanted to remove it entirely as a domain controller, or if you wish to promote it to being a writeable domain controller as I do, then you need to ensure you leave the box unticked. Click Next.
I’ll show you later the error you would get if you ticked the box and then tried to promote it as a full domain controller.
Review your selection. At this stage you can view the PowerShell script that is actually run under the hood when you click the Demote button. As this is a one-time-only affair, there isn’t a reason to do so.
Then we’re back looking at Server Manager, and there is a flag indicating that you need to promote the server for it to become a domain controller. If you were removing the server as a domain controller, you would in fact return to Manage > Remove Roles and Features and then complete the removal of the AD DS role.
Then the process is the same as shown in a previous post, when I originally set the server up as a domain controller.
Select Add a domain controller to an existing domain, select the desired domain from the list and enter a domain administrator’s credentials.
Specify the install/replication options: install from media or replicate from another domain controller.
Choose the file paths for the AD DS Database, log files and SYSVOL. Defaults are fine with me.
Then the prerequisites will be validated before AD DS is installed on the server. In the case of installing AD DS on a former RODC where the metadata had been retained, you would get the following error.
Otherwise, the prerequisites check will pass and you can click Install to finalise the process.
Microsoft’s official instructions on demoting a Server 2012 domain controller can be found here: http://technet.microsoft.com/en-us/library/jj574104.aspx
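The demote-then-promote sequence above, written with the ADDSDeployment cmdlets, as an added example that is not the script the wizard shows and not code from the original post. The domain name is a placeholder and the three function names are hypothetical; the default file paths are used, as in the post.

```powershell
# Added example. Run in an elevated session on the RODC.
# Phase 2 is run after the restart that ends phase 1.
Import-Module ADDSDeployment

$DomainName = 'corp.example.com'   # placeholder domain name (assumption)

# Hypothetical helper: stop if any prerequisite check reports an error.
function Assert-PrecheckPassed {
    param([Parameter(ValueFromPipeline)] $Result)
    process {
        # Status and Message are the fields the Test-ADDS* cmdlets report
        Write-Host "$($Result.Status): $($Result.Message)"
        if ($Result.Status -eq 'Error') {
            throw "Prerequisite check failed: $($Result.Message)"
        }
    }
}

function Invoke-RodcDemotion {            # phase 1: RODC -> member server
    $p = @{
        Credential                 = Get-Credential -Message 'Domain administrator'
        LocalAdministratorPassword = Read-Host -AsSecureString 'New local Administrator password'
    }
    # -RetainDcMetadata is deliberately absent: the equivalent of leaving the
    # "Retain domain controller metadata" box unticked.
    # -ForceRemoval is also absent, because the server can still reach the other DCs.
    Test-ADDSDomainControllerUninstallation @p | Assert-PrecheckPassed
    Uninstall-ADDSDomainController @p     # asks for confirmation, then restarts
}

function Invoke-WriteableDcPromotion {    # phase 2: member server -> writeable DC
    $p = @{
        DomainName                    = $DomainName
        Credential                    = Get-Credential -Message 'Domain administrator'
        SafeModeAdministratorPassword = Read-Host -AsSecureString 'DSRM password'
        DatabasePath                  = 'C:\Windows\NTDS'      # default paths
        LogPath                       = 'C:\Windows\NTDS'
        SysvolPath                    = 'C:\Windows\SYSVOL'
    }
    # No -ReadOnlyReplica, so the server returns as a writeable domain controller.
    Test-ADDSDomainControllerInstallation @p | Assert-PrecheckPassed
    Install-ADDSDomainController @p       # asks for confirmation, then restarts
}
```

Run `Invoke-RodcDemotion`, let the server restart, then run `Invoke-WriteableDcPromotion` from a new elevated session.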