Test-ADDSDomainControllerUninstallation

Test-ADDSDomainControllerUninstallation

Runs the prerequisites (only) for uninstalling a domain controller in Active Directory.

Syntax

Parameter Set: ADDSDomainControllerUninstall
Test-ADDSDomainControllerUninstallation [-Credential <PSCredential> ] [-DemoteOperationMasterRole] [-DnsDelegationRemovalCredential <PSCredential> ] [-Force] [-IgnoreLastDCInDomainMismatch] [-IgnoreLastDnsServerForZone] [-LastDomainControllerInDomain] [-LocalAdministratorPassword <SecureString> ] [-NoRebootOnCompletion] [-RemoveApplicationPartitions] [-RemoveDnsDelegation] [-RetainDCMetadata] [ <CommonParameters>]

Parameter Set: ADDSDomainControllerUninstallForceRemoval
Test-ADDSDomainControllerUninstallation -ForceRemoval [-Credential <PSCredential> ] [-DemoteOperationMasterRole] [-Force] [-LocalAdministratorPassword <SecureString> ] [-NoRebootOnCompletion] [ <CommonParameters>]

Detailed Description

The Test-ADDSDomainControllerUninstallation cmdlet runs those prerequisite checks (only) which would be performed if you were to use the Uninstall-ADDSDomainController cmdlet to uninstall a domain controller in Active Directory. It differs from using the -WhatIf parameter with the Uninstall-ADDSDomainController cmdlet in that instead of summarizing the changes that would occur during the uninstallation process, this cmdlet actually tests whether those changes are possible given the current environment.

For more information on the scope of these prerequisite checks that the ADDSDeployment module performs when using this cmdlet see the section "Prerequisite Checking" in Understand and Troubleshoot AD DS Simplified Administration.

Parameters

-Credential<PSCredential>

Specifies the user name and password that corresponds to the account used to install the domain controller. To prompt the user to supply a password, use Runs the prerequisites (only) to determine if installing a domain controller is possible that includes a DNS server for the corp.contoso.com domain (using domain administrator credentials) and that prompts the user to correctly specify the Directory Services Restore Mode (DSRM) password."(Get-Credential)" in place of an existing PSCredential type. This causes Windows PowerShell to prompt the user to enter credentials using the Windows security login UI.

Aliases

none

Required?

false

Position?

named

Default Value

NULL

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-DemoteOperationMasterRole

Indicates that (forced) demotion should continue even if an operations master role is discovered on domain controller from which AD DS is being removed.

Aliases

none

Required?

false

Position?

named

Default Value

NULL

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-DnsDelegationRemovalCredential<PSCredential>

Specifies the account credentials (user name and password) to use when you create or remove the DNS delegation. If you do not specify a value, then the account credentials that you specify for the AD DS installation or removal are used to for the DNS delegation. As an alternative, you can prompt the user to supply a password. To do so, use "(Get-Credential)" in place of an existing PSCredential type. This causes Windows PowerShell to prompt the user to enter credentials using the Windows security login UI.

Aliases

none

Required?

false

Position?

named

Default Value

NULL

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Force

When this parameter is specified any warnings that might normally appear during the uninstallation and removal of the domain controller will be suppressed to allow the cmdlet to complete its operation. This parameter can be useful to include when scripting uninstallation.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-ForceRemoval

Forces the removal of a domain controller. Use this parameter to force the uninstall of AD DS if you need to remove the domain controller and do not have connectivity to other domain controllers within the domain topology.

Aliases

none

Required?

true

Position?

named

Default Value

NULL

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-IgnoreLastDCInDomainMismatch

Used in conjunction with -LastDomainControllerInDomain. This parameter specifies whether the Windows PowerShell ignores any inconsistency that it detects with the value that you specify for -LastDomainControllerInDomain. For example, if you specify -LastDomainControllerInDomain but Windows PowerShell detects that there is actually another active domain controller in the domain, you can specify -IgnoreLastDCInDomainMismatch to have Windows PowerShell continue the removal of AD DS from the domain controller despite the inconsistency that it has detected. Similarly, if you do not specify -LastDomainControllerInDomain but Windows PowerShell cannot detect that another domain controller is in the domain, you can specify -IgnoreLastDCInDomainMismatch to have Windows PowerShell continue to remove AD DS from the domain controller.

Aliases

none

Required?

false

Position?

named

Default Value

NULL

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-IgnoreLastDnsServerForZone

Specifies whether to continue the removal of AD DS despite the fact that the domain controller is the last DNS server for one or more of the Active Directory-integrated DNS zones that it hosts.

Aliases

none

Required?

false

Position?

named

Default Value

NULL

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-LastDomainControllerInDomain

Specifies whether the computer from which AD DS is being removed is the last domain controller in the domain.

Aliases

none

Required?

false

Position?

named

Default Value

NULL

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-LocalAdministratorPassword<SecureString>

Specifies a local administrator account password when AD DS is removed from a domain controller. In earlier releases, where uninstall of AD DS was done using Dcpromo.exe for demotion, the default was to allow an empty password for this setting. In Windows PowerShell, the ADDS Deployment module requires that a non-empty password string value be assigned. If a value is not provided for this parameter, you will be prompted to enter a value for the password at the Windows PowerShell prompt. The password value must be a secure string.

If this parameter is not specified, the cmdlet prompts you to enter and confirm a masked password. This is the preferred usage when running the cmdlet interactively. If additionally there are no other arguments specified with the cmdlet, you will be prompted to enter a masked password for this parameter but no confirmation of the password entered will be made (which is not recommended as it could allow a mistyped password to be configured). Another available advanced option is to use the ConvertTo-SecureString cmdlet and specify the password string inline as unmasked console input, which is also not a recommended security best practice in production deployments.

Aliases

none

Required?

false

Position?

named

Default Value

NULL

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-NoRebootOnCompletion

Specifies whether to not restart the computer upon completion, regardless of success. (By default, reboot upon completion occurs when this cmdlet is used and this parameter is omitted.)

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-RemoveApplicationPartitions

Specifies whether to remove application partitions during the removal of AD DS from a domain controller.

Aliases

none

Required?

false

Position?

named

Default Value

NULL

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-RemoveDnsDelegation

Specifies whether to preserve DNS delegations that point to this DNS server from the parent DNS zone.

By default, this parameter is set to FALSE, which means DNS delegations that point to this server from the parent DNS zone will not be retained after uninstallation of the domain controller. This setting corresponds to the earlier Dcpromo.exe parameter default of /RemoveDNSDelegation:Yes.

Aliases

none

Required?

false

Position?

named

Default Value

NULL

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-RetainDCMetadata

If this parameter is used it indicates that the domain controller should retain metadata for the domain after removal of AD DS from it.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

Outputs

The output type is the type of the objects that the cmdlet emits.

Examples

-------------------------- EXAMPLE 1 --------------------------

Description

-----------

Runs the prerequisites (only) to determine if uninstalling an additional domain controller in a domain is possible and in such a way that it will prompt the user to set and confirm the local Administrator password prior to completing the uninstallation process.

C:\PS>Test-ADDSDomainControllerUninstallation

Uninstall-ADDSDomainController