Active Directory Logs I’ve Learned to Love Part 2 of 7: NTDS Diagnostics Logging
In its normal running mode, Active Directory logs only critical and error events to the Directory Service log on your Domain Controller. Most of the time this isn’t a problem, because logging too many events would slow down its processing of incoming authentication requests. However, at times you want to dial up logging in the database.
To enable this additional logging, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics and check out the twenty-four logging options available there, as shown in Figure 1.
The 24 possible parts of NTDS operations you can enable are: Knowledge Consistency Checker, Performance Counters, Initialization/Termination, Service Control, Name Resolution, Backup, Field Engineering, LDAP Interface Events, Setup, Global Catalog, Inter-site Messaging, Security Events, Group Caching, Linked-Value Replication, DS RPC Client, DS RPC Server, DS Schema, ExDS Interface Events, MAPI Interface Events, Replication Events, Garbage Collection, Internal Configuration, Directory Access, and Internal Processing.
For any of these, set the DWORD value to a number between 0 and 5. The default level of 0 will only log critical and error events. Conversely, at level 5 (the highest level) everything gets dropped into the Directory Service event log. Be very careful about setting too many of these too high (anything above 3 is processor intensive), as it can impact the operation of the server.
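The following PowerShell is an added example, not part of the original post: it lists the current level of every option under the key, raises a single option with range checking, and returns everything to 0 afterwards. The function names are hypothetical, and the script assumes each registry value name ends with the option name listed above (the name on disk may carry a numeric prefix).

```powershell
# Added example (not from the original post). Run elevated on the Domain Controller.
$DiagKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

function Get-NtdsDiagnosticLevel {
    # Enumerate every logging option under the key with its current level.
    $key = Get-Item -Path $DiagKey
    foreach ($name in $key.GetValueNames()) {
        $level = [int]$key.GetValue($name)
        [pscustomobject]@{
            Option = $name
            Level  = $level
            Costly = ($level -gt 3)   # the post warns that anything above 3 is processor intensive
        }
    }
}

function Set-NtdsDiagnosticLevel {
    param(
        [Parameter(Mandatory)][string]$Option,                   # e.g. 'LDAP Interface Events'
        [Parameter(Mandatory)][ValidateRange(0, 5)][int]$Level   # levels outside 0-5 are rejected
    )
    # Assumption: the value name ends with the option name, so match on the suffix.
    $match = @((Get-Item -Path $DiagKey).GetValueNames() | Where-Object { $_ -like "*$Option" })
    if ($match.Count -ne 1) {
        throw "Expected exactly one value matching '$Option', found $($match.Count)."
    }
    Set-ItemProperty -Path $DiagKey -Name $match[0] -Value $Level -Type DWord
    if ($Level -gt 3) {
        Write-Warning "'$($match[0])' is now at level $Level; lower it as soon as you have the events you need."
    }
}

function Reset-NtdsDiagnosticLevel {
    # Put every option back to the default level of 0.
    Get-NtdsDiagnosticLevel | Where-Object { $_.Level -ne 0 } | ForEach-Object {
        Set-ItemProperty -Path $DiagKey -Name $_.Option -Value 0 -Type DWord
    }
}

# Typical session: raise one option, review the levels and the log, then revert.
Set-NtdsDiagnosticLevel -Option 'LDAP Interface Events' -Level 2
Get-NtdsDiagnosticLevel | Sort-Object Level -Descending | Format-Table -AutoSize
Get-WinEvent -LogName 'Directory Service' -MaxEvents 20 |
    Select-Object TimeCreated, Id, LevelDisplayName, Message
# Reset-NtdsDiagnosticLevel   # run once troubleshooting is finished
```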