Control enhanced event logging for Active Directory

  • Section(s): Event log , Active Directory
  • Published on Apr 20, 2004.
  • Last Modified on Apr 20, 2004.
  • Last Modified by Wayne Maples.
  • Rated 2.9 out of 5 based on 7 votes.
Active Directory is complex. One can begin to have problems which are difficult to diagnose. You can enable enhanced logging for many AD components and events:
  • Knowledge Consistency Checker
  • Inialization/Termination
  • Service Control
  • Name Resolution
  • Backup
  • LDAP Interface Events
  • Global Catalog
  • Inter-site Messaging
  • Security Events
  • ExDS Interface Events
  • MAPI Interface Events
  • Replication Events
  • Directory Access
The number of events and detailed written to the log can be controlled. To enable verbose logging :

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\NTDS
Name: Diagnostics
Type: REG_DWORD
Set Diagnostics=5 for maximum logging, Diagnostics=3 for medium logging, Diagnostics=1 for minimal logging, and Diagnostics=0 for no verbose AD logging. Be careful with the more verbose settings, they will consume resources but if you have problems, this information can be invaluable. Reset to none or minimal once the problem has been resolved to return to maximum performance levels.

About Wayne Maples

Share this article


Article not looking right or info is missing? Let us know so that we can fix it: .


Receive all the latest articles by email!

Receive Real-Time & Monthly WindowsNetworking.com article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become a WindowsNetworking.com member!

Discuss your network issues with thousands of other network administrators. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred Network Inventory solution?