Event ID 12295 — Domain Controller Demotion
Applies To: Windows Server 2008
.jpg)
You can use the Active Directory Domain Services Installation Wizard (Dcpromo.exe) to promote a server to a domain controller and to demote a domain controller to a member server (or to a stand-alone server in a workgroup if the domain controller is the last domain controller in the domain). As part of the demotion process, the wizard removes the configuration data for the domain controller from Active Directory Domain Services (AD DS). This data takes the form of an NTDS Settings object that exists as a child of the server object in Active Directory Sites and Services. The information is in the following location in AD DS:
CN=NTDS Settings,CN=server,CN=Servers,CN=site,CN=Sites,CN=Configuration,DC=domain
The attributes of the NTDS Settings object include data that represents how the domain controller is identified in relation to its replication partners, the naming contexts that are maintained on the machine, whether the domain controller is a global catalog server, and the default query policy. The NTDS Settings object is also a container that may have child objects that represent the domain controller's direct replication partners. This data is required for the domain controller to operate in the environment, but it is retired at demotion of the domain controller.
Event Details
| Product: | Windows Operating System |
| ID: | 12295 |
| Source: | SAM |
| Version: | 6.0 |
| Symbolic Name: | SAMMSG_DATABASE_FILE_NOT_DELETED |
| Message: | The SAM database attempted to delete the file %1 as it contains account information that is no longer used. The error is in the record data. Please have an administrator delete this file. |
Resolve
Delete the referenced file manually
The Security Accounts Manager (SAM) was not able to delete the file that was referred to in the Event Viewer event text. Go to the file location that is referred to in the Event Viewer event text, and delete the file. If you are not able to delete the file, try again after you restart the computer. Perform the following procedure using a domain member computer that has domain administrative tools installed.
To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
To manually delete the referenced file:
Type the path to the file in the Run box. For example, if the file to be deleted is C:\Windows\NTDS\ntds.dit, click Start, click Run, type c:\Windows\NTDS, and then press ENTER.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
Right-click the file named NTDS, and then click Delete.
Note: As an alternative, you can type del C:\Windows\NTDS\ntds.dit /q at a command prompt.
Verify
To ensure that the domain controller demotion was successful, verify that the Active Directory database files were removed and that the computer account is no longer in the Domain Controllers organizational unit (OU) or in the Domain Controllers group in Active Directory Users and Computers. Perform the following procedures using a domain member computer that has domain administrative tools installed.
To perform these procedures, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
Verify that the Active Directory database files were removed
To verify that the Active Directory database files were removed:
- Open a command prompt as an administrator. To open a command prompt as administrator, click Start. In Start Search, type Command Prompt. At the top of the Start Menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
- At the command prompt, type cd /d %windir%\ntds, and then press ENTER. (If you installed Active Directory to a nondefault folder when you installed this domain controller, substitute that folder name and path for %windir%\ntds). If the result of this command is File not found, the files were deleted successfully.
Verify that the computer account is no longer in the Domain Controllers OU or the Domain Controllers group
To verify that the computer account is no longer in the Domain Controllers OU or the Domain Controllers group:
- Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start. In Start Search, type dsa.msc, and then press ENTER.
- Expand the domain object, if necessary, and then click the Domain Controllers OU. If the computer account is not in this container, the removal of the computer account from the OU was successful.
- Right-click the domain object, and then click Find.
- In Name, type Domain Controllers, and then click Find Now. The Domain Controllers group appears in Search results.
- Right-click the Domain Controllers group, and then click Properties.
- On the Members tab, ensure that the computer account is not listed.