Apr 11 2010

Enable advanced logging on a Domain Controller

Published by under Active Directory

If you run into problems in a domain and need more information, you can enable advanced logging for specific categories.

This is done by changing a registry setting on a specific Domain Controller. Keep in mind that this setting is not replicated to other Domain Controllers.

Open the registry editor and browse to:

HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics

Here you will find the available REG_DWORD entries that can be set to a higher logging level:

1 Knowledge Consistency Checker (KCC)
2 Security Events
3 ExDS Interface Events
4 MAPI Interface Events
5 Replication Events
6 Garbage Collection
7 Internal Configuration
8 Directory Access
9 Internal Processing
10 Performance Counters
11 Initialization/Termination
12 Service Control
13 Name Resolution
14 Backup
15 Field Engineering
16 LDAP Interface Events
17 Setup
18 Global Catalog
19 Inter-site Messaging

New options coming with Windows Server 2003:

20 Group Caching
21 Linked-Value Replication
22 DS RPC Client
23 DS RPC Server
24 DS Schema

With Windows Server 2008 and Windows Server 2008 R2, no new options were added.

You have different options to configure the amount of logging from NONE to INTERNAL:

  • 0 (None): Only critical events and error events are logged at this level. This is the default setting for all entries, and it should be modified only if a problem occurs that you want to investigate.
  • 1 (Minimal): Very high-level events are recorded in the event log at this setting. Events may include one message for each major task that is performed by the service. Use this setting to start an investigation when you do not know the location of the problem.
  • 2 (Basic)
  • 3 (Extensive): This level records more detailed information than the lower levels, such as steps that are performed to complete a task. Use this setting when you have narrowed the problem to a service or a group of categories.
  • 4 (Verbose)
  • 5 (Internal): This level logs all events, including debug strings and configuration changes. A complete log of the service is recorded. Use this setting when you have traced the problem to a particular category of a small set of categories.

Keep in mind that higher logging levels increase the number of entries recorded in the event log, to the point where you will not be able to parse them. High logging levels also have a mostly negative impact on server performance.
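The same change can be scripted instead of made by hand in the registry editor. The following is an added example, not part of the original post: the function names are hypothetical, and it assumes an elevated PowerShell session on the Domain Controller itself.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Works on PowerShell 2.0 and later; run elevated on the Domain Controller.
$DiagKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

function Get-NtdsDiagnosticLevel {
    # Return every diagnostics entry under the key with its current level (0-5).
    $key = Get-Item -Path $DiagKey
    foreach ($name in $key.GetValueNames()) {
        New-Object PSObject -Property @{
            Category = $name
            Level    = [int]$key.GetValue($name)
        }
    }
}

function Set-NtdsDiagnosticLevel {
    param(
        [Parameter(Mandatory = $true)][string]$Category,   # e.g. '5 Replication Events'
        [Parameter(Mandatory = $true)][ValidateRange(0, 5)][int]$Level
    )
    # Only change entries that already exist: a mistyped name would otherwise
    # create a new DWORD that has no effect on logging.
    $existing = (Get-Item -Path $DiagKey).GetValueNames()
    if ($existing -notcontains $Category) {
        throw "No diagnostics entry named '$Category' on $env:COMPUTERNAME."
    }
    Set-ItemProperty -Path $DiagKey -Name $Category -Value $Level -Type DWord
}

function Reset-NtdsDiagnosticLevel {
    # Put every raised entry back to the default of 0 (None) and report which ones.
    Get-NtdsDiagnosticLevel | Where-Object { $_.Level -gt 0 } | ForEach-Object {
        Set-ItemProperty -Path $DiagKey -Name $_.Category -Value 0 -Type DWord
        $_.Category
    }
}

# Typical session (uncomment the step you need):
#   Get-NtdsDiagnosticLevel | Where-Object { $_.Level -gt 0 }   # anything still raised?
#   Set-NtdsDiagnosticLevel -Category '5 Replication Events' -Level 1
#   ... reproduce the problem and review the event log ...
#   Reset-NtdsDiagnosticLevel
```

Because the setting is not replicated, run the check for raised levels on each Domain Controller you touched once the investigation is over.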

Additional resources:

  • How to configure Active Directory diagnostic event logging in Windows Server 2003 and in Windows 2000 Server (KB314980)
  • Directory Service Configuration Management Tasks
  • See “Set logging level” in Configuring a Computer for Troubleshooting
  • Directory Services Debug Logging Primer
  • Enabling debug logging for the Net Logon service
