Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
Unable to Recover Encrypted Files After the Domain Controller Is Demoted
Article ID: 276239 - View products that this article applies to.
This article was previously published under Q276239
When a Windows-based computer that is a domain controller is demoted to a member server by using the Active Directory Installation wizard (Dcpromo.exe), you are unable to recover Encrypting File System (EFS)-encrypted documents.
This issue can occur because the private key for the recovery agent for the local EFS-encrypted documents is lost during the demotion when the Security Accounts Manager (SAM) is recreated on that computer. You are unable to recover encrypted documents on this computer unless the recovery agent is changed to an existing domain account before encryption.
To resolve this issue, use either of the following methods:
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
Article ID: 276239 - Last Review: March 1, 2007 - Revision: 5.4