by lunarg on September 16th 2015, at 17:24

After demoting a domain controller, the related event logs (DNS Server, File Replication Service, and Directory Service) are not removed. While this is technically not an issue, it can confuse monitoring systems (for example, SCOM inadvertently detects a DNS server where there is none). Or perhaps you simply want to be tidy.

  1. Open regedit.
  2. Navigate to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
  3. This key contains one subkey for each event log. Remove the following subkeys to remove the event logs:
    • Directory Service
    • File Replication Service
    • DNS Server
    You do not need to reboot the server. The logs are immediately removed from the Event Viewer.

Although the change is effective immediately, the underlying event log files are still in use. If you wish to remove these as well, you'll need to reboot the server so that the Event Log service is restarted (you cannot restart the service manually).

  1. After the reboot, navigate to the folder:
    %windir%\system32\config
  2. Remove the following files:
    • DnsEvent.Evt
    • NTDS.Evt
    • NtFrs.Evt
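
The two manual procedures above, combined into one PowerShell script. This is an added example, not part of the original post: the `-Phase` and `-BackupDir` parameters and the backup folder are assumptions. It exports each key to a .reg file before deleting it and refuses to run on a machine that is still a domain controller.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # 'Registry' before the reboot, 'Files' after it (parameter names are this example's own).
    [ValidateSet('Registry', 'Files')]
    [string]$Phase = 'Registry',
    # Assumed backup location for the exported keys; change to suit.
    [string]$BackupDir = "$env:SystemDrive\EventlogBackup"
)

# DomainRole 4 and 5 mean the machine is still a domain controller.
if ((Get-CimInstance Win32_ComputerSystem).DomainRole -ge 4) {
    throw 'This machine is still a domain controller; demote it first.'
}

$eventlogKey = 'SYSTEM\CurrentControlSet\Services\Eventlog'
$logKeys     = 'Directory Service', 'File Replication Service', 'DNS Server'
$logFiles    = 'DnsEvent.Evt', 'NTDS.Evt', 'NtFrs.Evt'   # file names as given above

if ($Phase -eq 'Registry') {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($name in $logKeys) {
        $psPath = "HKLM:\$eventlogKey\$name"
        if (-not (Test-Path -LiteralPath $psPath)) {
            Write-Verbose "Not present, skipping: $name"
            continue
        }
        if ($PSCmdlet.ShouldProcess($psPath, 'Export and remove event log key')) {
            # Keep a restorable copy before deleting anything.
            $backup = Join-Path $BackupDir ('{0}.reg' -f ($name -replace ' ', '_'))
            & reg.exe export "HKLM\$eventlogKey\$name" $backup /y | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "Export failed for '$name'; key left in place." }
            Remove-Item -LiteralPath $psPath -Recurse -Force
        }
    }
}
else {
    # Run only after the reboot, once the Event Log service has released the files.
    $configDir = Join-Path $env:windir 'system32\config'
    foreach ($file in $logFiles) {
        $path = Join-Path $configDir $file
        if ((Test-Path -LiteralPath $path) -and
            $PSCmdlet.ShouldProcess($path, 'Remove event log file')) {
            Remove-Item -LiteralPath $path -Force
        }
    }
}
```

Run it with `-WhatIf` first to list what would be exported and removed without changing anything.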
 
 