You seek to know the steps to remove the on-premise version of Threat Defense for Active Directory (TDAD).

1. Remove the TDAD policy from the TDAD console
2. Verify that the policy is removed from the SEPM and that the TDAD policy is not assigned to any Symantec Endpoint Protection Manager (SEPM) group
3. Delete the Domain from the TDAD console
4. Verify that the deception accounts are no longer listed in the Active Directory (AD) and remove any remaining deception accounts
5. Remove the SEPM servers from the TDAD console
6. Uninstall the Core server