Skip navigation
Menu
End-User Platforms>Windows 7/8

JSI Tip 9694. When you demote a domain controller and join it as a member server, the Event Viewer still shows the Directory Service and File Replication Service Event logs?

When you demote a domain controller, the Directory Service and File Replication Service keys are NOT removed from the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog, causing the Event Viewer to still show these logs, even though they are no longer populated.

To resolve this issue, simply delete the Directory Service and File Replication Service sub-keys at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog.

NOTE: A restart is NOT required.

NOTE: You can use REG.EXE, built into Windows Server 2003, or REG.EXE from the Support Tools on the Windows 2000 Server CD-ROM, and type the following in a CMD.EXE window, pressing Enter after each line:

REG DELETE "HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Directory Service" /F
REG DELETE "HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\File Replication Service" /F



Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
PowerShell screenshot shows Where-Object cmdlet
How to Use the PowerShell Where-Object Cmdlet
Aug 04, 2022
shield_icon_laptop.jpg
What To Do When Windows Defender Is Not Working
Mar 15, 2022
Computer Screen Showing Password Dialog Box
Microsoft Edge Downloads Updated for Azure AD Sign-In & Sync
Aug 22, 2019
mktg-wp-nolabel5
How to Approach the Windows 7 to 10 Migration
Aug 01, 2019