When working towards decommissioning a single or multiple Domain Controllers/DNS servers it is important before the DNS role is removed that every device referencing the server for DNS queries is identified and updated with the new values. DNS is an integral part of healthy functioning systems and failure to do so could result in serious system failures and problems.

A simple example of this in the real world would be if you only had email alerting setup for hardware monitoring with the mail server value set with a fully qualified domain name. When the disks eventually start to fail one by one, notifications would not resolve to the mail server so would not get through to the correct personnel, eventually if this was not picked up the RAID would exhaust any spares/resiliency and the system would crash, you would then be looking at rebuilding the server/storage array then restoring from backups.

Setup DNS Logging

Within DNS Manager, right click the server and go to Properties then select Debug Logging
Change the values as per the image below which will focus logging on incoming UDP queries
Once applied, allow some time for DNS queries to appear, i.e. 1 to 24 hours to get a better picture of queries but ideally the longer the better to ensure any device using this server for DNS queries is caught in the logs.

Install Logparser 2.2

View DNS Queries

Open up Command Prompt then change your directory to the recently installed Log Parser;

cd "C:\Program Files (x86)\Log Parser 2.2"
Once in the directory, run the following command which analyse your DNS log file and return the query count in
LogParser -i:TSV -nskiplines:30 -headerRow:off -iSeparator:space -nSep:1 -fixedSep:off -rtp:-1 "SELECT field8 AS IP, REVERSEDNS(IP) AS Name, count(IP) as QueryCount FROM "C:\Temp\dns_log.log" WHERE field10 = 'Q' GROUP BY IP ORDER BY QueryCount DESC"

The results returned will look similar to the following;

IP Name QueryCount server98.domain.local 2851 server3.domain.local 2331 pc11.domain.local 165
You can now update the DNS settings on these devices then continuously monitor this log to gradually reduce the query count so that nothing is hitting it and from a DNS perspective at least you can proceed with the demotion/decomission.
Note: You may get occasional SOA lookups which you do not need to worry about if you are working towards when decommissioning the server. Also be aware of devices that very rarely perform DNS lookups such as network, printer or out of band management devices.