Apr 11 2010
Enable advanced logging on a Domain Controller
If you run into problems in a Domain and have the need for more information, you have the option to enable an advanced logging of specific settings.
This can be done with changing a registry setting on a specific Domain Controller, keep in mind that this setting is not replicated to other Domain controllers.
Open the registry editor and browse to:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics
Here you will find available REG_DWORD options that can be changed to an advanced logging:
1 Knowledge Consistency Checker (KCC)
2 Security Events
3 ExDS Interface Events
4 MAPI Interface Events
5 Replication Events
6 Garbage Collection
7 Internal Configuration
8 Directory Access
9 Internal Processing
10 Performance Counters
11 Initialization/Termination
12 Service Control
13 Name Resolution
14 Backup
15 Field Engineering
16 LDAP Interface Events
17 Setup
18 Global Catalog
19 Inter-site Messaging
New options coming with Windows Server 2003:
20 Group Caching
21 Linked-Value Replication
22 DS RPC Client
23 DS RPC Server
24 DS Schema
With Windows Server 2008 and Windows Server 2008 R2 now new options where added.
You have different options to configure the amount of logging from NONE to INTERNAL:
Keep in mind that setting higher logging levels increases the number of entries recorded in the event log and you aren’t be able to parse them. Also high logging levels can/will have, mostly negative, impact on the server performance.
Additional resources:
How to configure Active Directory diagnostic event logging in Windows Server 2003 and in Windows 2000 Server KB314980
Directory Service Configuration Management Tasks
See “Set logging level” in Configuring a Computer for Troubleshooting