We have a pair of legacy domain controllers that I want to demote and shut down. I've already created a pair of Windows Server 2019 DCs and migrated the FSMO roles to one. We have a fairly large environment with many LDAP connections, or domain-joined appliances. I've spent the last 6 months trying to find every reference to the legacy domain controllers that I can from everything that I've inherited with little to no documentation. MFDs, UPSes, server / appliance NICs, applications, DHCP scopes, etc.
To see if I'd discovered enough, I wanted to schedule a shutdown test of the two legacy DCs. I have some concerns, though, about how w32tm, Kerberos, and domain-joined devices work with round-robin requests. If I merely shut down the DCs rather than demote them and then shut them down, since devices and member servers reference time through w32tm in a round-robin method (as far as I know) from DCs, I think this could cause issues if the device was registered to one of the DCs I shut down. Similarly, with devices which reference the root of the domain, example.local, rather than specific DCs, this DNS entry will also be returned in round-robin fashion, and I believe that will pose an issue as well.
Am I correct in my assumptions? Is biting the bullet and demoting the DCs really the recommended way to move forward? Do non-Windows domain-joined devices (like Linux appliances) typically have to be rejoined to the domain after a change like this?
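The question above comes down to an inventory problem: which names and addresses do clients actually get when they resolve the domain root, which DC is each member currently taking time from, and who is still authenticating against the legacy pair. The PowerShell below is an added example written for this thread, not code from the poster; it assumes the domain name `example.local` from the post and uses the placeholder hostnames `LEGACY-DC1` and `LEGACY-DC2` for the two legacy DCs, which you would replace with the real names. The DNS and w32tm checks run from any domain member; the event-log check needs read access to the Security log on the legacy DCs and the Kerberos Authentication Service (event 4768) and Credential Validation (event 4776) audit subcategories enabled there.

```powershell
# Added example (not from the original post): audit what still depends on the legacy DCs
# before a shutdown test. $Domain is from the post; the DC names are placeholders (assumption).
$Domain    = 'example.local'
$LegacyDCs = @('LEGACY-DC1', 'LEGACY-DC2')

# 1. Which addresses does the domain root resolve to? Clients that point at 'example.local'
#    receive these records in round-robin order, so a legacy DC listed here is still in rotation.
$legacyIPs   = $LegacyDCs | ForEach-Object { (Resolve-DnsName -Name $_ -Type A -ErrorAction Stop).IPAddress }
$rootRecords = Resolve-DnsName -Name $Domain -Type A -ErrorAction Stop
$rootRecords |
    Select-Object Name, IPAddress, @{ n = 'IsLegacyDC'; e = { $_.IPAddress -in $legacyIPs } } |
    Format-Table -AutoSize

# 2. SRV records that advertise domain controllers for LDAP and Kerberos. Demotion removes the
#    legacy entries; a bare shutdown leaves them, and locator clients keep trying the dead host
#    until the records are cleaned up or scavenged.
foreach ($svc in '_ldap._tcp.dc._msdcs', '_kerberos._tcp.dc._msdcs') {
    Resolve-DnsName -Name "$svc.$Domain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.QueryType -eq 'SRV' } |
        Select-Object @{ n = 'Service'; e = { $svc } }, NameTarget, Port, Priority, Weight,
                      @{ n = 'IsLegacyDC'; e = { ($_.NameTarget -split '\.')[0] -in $LegacyDCs } } |
        Format-Table -AutoSize
}

# 3. Which time source is this member using right now? With the default NT5DS configuration a
#    domain member syncs from the DC that authenticated it rather than a fixed host, so sample
#    this on a handful of servers and appliances rather than assuming.
$timeSource = (w32tm /query /source 2>$null) -join ''
$fromLegacy = [bool]($LegacyDCs | Where-Object { $timeSource -like "*$_*" })
"Local time source: $timeSource (legacy DC: $fromLegacy)"

# 4. Who is still authenticating directly against the legacy DCs? Security event 4768 (Kerberos
#    TGT request) carries the client IP and 4776 (NTLM validation) carries the workstation name.
#    The 7-day window is a choice for this example, not a rule.
$since = (Get-Date).AddDays(-7)
foreach ($dc in $LegacyDCs) {
    $events = Get-WinEvent -ComputerName $dc -FilterHashtable @{
        LogName = 'Security'; Id = 4768, 4776; StartTime = $since
    } -ErrorAction SilentlyContinue

    $clients = foreach ($e in $events) {
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($e.Id -eq 4768) { $data['IpAddress'] -replace '^::ffff:', '' }   # strip IPv4-mapped prefix
        else                { $data['Workstation'] }
    }
    $clients = @($clients | Where-Object { $_ })

    "$dc : $(($clients | Sort-Object -Unique).Count) distinct clients authenticated in the last 7 days"
    $clients | Group-Object | Sort-Object Count -Descending |
        Select-Object -First 20 Name, Count | Format-Table -AutoSize
}
```

Read the output as a checklist rather than a verdict: anything listed under step 4 is a device or service still talking to the legacy DCs despite the six months of hunting, and steps 1 and 2 show whether a plain shutdown would leave dead addresses in the round-robin set that demotion would have withdrawn.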