Remove AD Child Domain with PowerShell
It runs contrary to every paternal instinct to delete one's child. Still, child domains sometimes have to be removed. Today, we'll retire the child domain we created last week.
Once more, you won't be surprised to hear that PowerShell makes this process quick and easy. Unto the breach, dear friends:
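```powershell
# Password for the server's local Administrator account after demotion (sample value).
# A plaintext literal like this stays readable in the script file and any transcript.
$AdminPassword = "D43zsCF9r8a2hf6n5sP2"

# Prompt for the Enterprise Admin credential used to remove the domain.
$DomainCredential = Get-Credential

# Demote the last DC in the child domain, which also removes the domain itself.
Uninstall-ADDSDomainController -LastDomainControllerInDomain `
    -LocalAdministratorPassword ($AdminPassword | ConvertTo-SecureString -AsPlainText -Force) `
    -IgnoreLastDnsServerForZone `
    -Credential $DomainCredential `
    -RemoveApplicationPartitions `
    -Force
```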
Running this on the last domain controller in the child domain not only demotes that domain controller, it also removes the child domain. Let's look at those parameters:
- LastDomainControllerInDomain - states that this is the last DC in the child domain, so we also want to blat the domain
- LocalAdministratorPassword - the password assigned to the new member server's Local Administrator account
- IgnoreLastDnsServerForZone - continue removal despite the DC being the last holder of the child domain's DNS zone
- Credential - our Enterprise Admin credential
- RemoveApplicationPartitions - remove associated application partitions
- Force - use the... yes, really! Suppress messages and warnings and stuff.
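The same demotion with the parameters above, written as an added example (not the original post's code): it prompts for the local Administrator password instead of embedding it, and runs the ADDSDeployment pre-check cmdlet `Test-ADDSDomainControllerUninstallation` before anything destructive happens. It assumes an elevated session on the last DC of the child domain and that the pre-check reports `Success` in its `Status` property when a check passes; the variable names are illustrative.

```powershell
# Added example; run elevated on the last domain controller of the child domain.
Import-Module ADDSDeployment

# Prompt for both secrets so neither ends up in the script file or a transcript.
$LocalAdminPassword = Read-Host -AsSecureString -Prompt 'New local Administrator password'
$DomainCredential   = Get-Credential -Message 'Enterprise Admin credential'

# Splat the parameters once so the pre-check and the real run cannot drift apart.
$DemoteParams = @{
    LastDomainControllerInDomain = $true
    LocalAdministratorPassword   = $LocalAdminPassword
    IgnoreLastDnsServerForZone   = $true
    Credential                   = $DomainCredential
    RemoveApplicationPartitions  = $true
}

# Pre-flight: runs the prerequisite checks only and changes nothing.
$Checks = Test-ADDSDomainControllerUninstallation @DemoteParams
$Checks | Format-List Context, Status, Message

# Assumption: a passing check has Status 'Success'; anything else stops the run.
$Failed = @($Checks | Where-Object { $_.Status -ne 'Success' })
if ($Failed.Count -gt 0) {
    throw "Prerequisite checks reported $($Failed.Count) problem(s); demotion not started."
}

# Checks passed: demote the DC and remove the child domain.
# -Force is added only here, on the destructive call.
Uninstall-ADDSDomainController @DemoteParams -Force
```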
"Now cracks a noble heart. Good night sweet prince:
And flights of angels sing thee to thy rest!"