Control enhanced event logging for Active Directory

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Active Directory is complex, and problems with it can be difficult to diagnose. You can enable enhanced logging for many AD components and events:
  • Knowledge Consistency Checker
  • Initialization/Termination
  • Service Control
  • Name Resolution
  • Backup
  • LDAP Interface Events
  • Global Catalog
  • Inter-site Messaging
  • Security Events
  • ExDS Interface Events
  • MAPI Interface Events
  • Replication Events
  • Directory Access
The number of events and the level of detail written to the log can be controlled. To enable verbose logging:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\NTDS
Name: Diagnostics
Type: REG_DWORD
Set Diagnostics=5 for maximum logging, Diagnostics=3 for medium logging, Diagnostics=1 for minimal logging, and Diagnostics=0 for no verbose AD logging. Be careful with the more verbose settings: they consume resources, but if you have problems this information can be invaluable. Reset to none or minimal once the problem has been resolved to return to maximum performance levels.
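
An added PowerShell example (not part of the original article) for auditing, raising and resetting these levels. It assumes the layout found on domain controllers, where Diagnostics is a subkey of the NTDS key holding one REG_DWORD value per component, named with a numeric prefix such as "5 Replication Events"; the function names are hypothetical.

```powershell
# Added example. Run elevated on a domain controller.
# Assumed layout: one REG_DWORD per component under the Diagnostics subkey.
$DiagKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

function Get-NtdsDiagnosticLevel {
    # Return each component value under the key with its current level (0-5).
    $key = Get-Item -Path $DiagKey -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        if ($name -and $key.GetValueKind($name) -eq 'DWord') {
            [pscustomobject]@{ Component = $name; Level = [int]$key.GetValue($name) }
        }
    }
}

function Set-NtdsDiagnosticLevel {
    param(
        [Parameter(Mandatory)][string]$Component,   # e.g. 'Replication Events'
        [Parameter(Mandatory)][ValidateRange(0, 5)][int]$Level
    )
    # Match the component name, with or without the numeric prefix of the value name.
    $pattern = '^(\d+\s+)?' + [regex]::Escape($Component) + '$'
    $hit = @(Get-NtdsDiagnosticLevel | Where-Object { $_.Component -match $pattern })
    if ($hit.Count -ne 1) { throw "Expected one value matching '$Component', found $($hit.Count)" }
    Set-ItemProperty -Path $DiagKey -Name $hit[0].Component -Value $Level -Type DWord
    Write-Output "$($hit[0].Component): $($hit[0].Level) -> $Level"
}

function Reset-NtdsDiagnosticLevel {
    # Put every component that is still above 0 back to 0 once troubleshooting is done.
    Get-NtdsDiagnosticLevel | Where-Object { $_.Level -gt 0 } | ForEach-Object {
        Set-ItemProperty -Path $DiagKey -Name $_.Component -Value 0 -Type DWord
        Write-Output "$($_.Component): $($_.Level) -> 0"
    }
}

# Read-only audit: list components whose logging is currently raised.
Get-NtdsDiagnosticLevel | Where-Object { $_.Level -gt 0 } | Sort-Object Level -Descending

# Typical troubleshooting cycle (uncomment to apply):
# Set-NtdsDiagnosticLevel -Component 'Replication Events' -Level 3
# ... reproduce the problem and review the logged events ...
# Reset-NtdsDiagnosticLevel
```

Run as written, the script only reads the key and lists components left above 0, which is a quick check for verbose logging that was never turned back down.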
