Domain Controller Demotion
Applies To: Windows Server 2008
You can use the Active Directory Domain Services Installation Wizard (Dcpromo.exe) to promote a server to a domain controller and to demote a domain controller to a member server (or to a stand-alone server in a workgroup if the domain controller is the last domain controller in the domain). As part of the demotion process, the wizard removes the configuration data for the domain controller from Active Directory Domain Services (AD DS). This data takes the form of an NTDS Settings object that exists as a child of the server object in Active Directory Sites and Services. The information is in the following location in AD DS:
CN=NTDS Settings,CN=server,CN=Servers,CN=site,CN=Sites,CN=Configuration,DC=domain
The attributes of the NTDS Settings object include data that represents how the domain controller is identified in relation to its replication partners, the naming contexts that are maintained on the machine, whether the domain controller is a global catalog server, and the default query policy. The NTDS Settings object is also a container that may have child objects that represent the domain controller's direct replication partners. This data is required for the domain controller to operate in the environment, but it is retired at demotion of the domain controller.
Events
| Event ID | Source | Message |
|---|---|---|
SAM |
The SAM database attempted to delete the file %1 as it contains account information that is no longer used. The error is in the record data. Please have an administrator delete this file. | |
SAM |
The SAM database attempted to clear the directory %1 in order to remove files that were once used by Active Directory Domain Services. The error is in record data. Please have an administrator delete these files. | |
SAM |
An error occurred when trying to remove the account %1 from the group %2. The problem, "%3", occurred when trying to remove the account from the group. Please remove the member manually. |