How to turn on Active Directory diagnostic event logging
The following information comes from : http://support.microsoft.com/kb/314980
This step-by-step article describes how to configure Active Directory diagnostic event logging in Microsoft Windows 2000 and Microsoft Windows Server 2003.
Active Directory records events to the Directory Services log of Event Viewer. You can use the information that is collected in the log to help you diagnose and resolve possible problems or monitor the activity of Active Directory-related events on your server.
By default, Active Directory records only critical events and error events in the Directory Service log. To configure Active Directory to record other events, you must increase the logging level by editing the registry.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
Active Directory records events to the Directory Services log of Event Viewer. You can use the information that is collected in the log to help you diagnose and resolve possible problems or monitor the activity of Active Directory-related events on your server.
By default, Active Directory records only critical events and error events in the Directory Service log. To configure Active Directory to record other events, you must increase the logging level by editing the registry.
Active Directory Diagnostic Event Logging
The registry entries that manage diagnostic logging for Active Directory are stored in the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
Each of the following REG_DWORD values under the Diagnostics subkey represent a type of event that can be written to the event log:1 Knowledge Consistency Checker (KCC)
2 Security Events
3 ExDS Interface Events
4 MAPI Interface Events
5 Replication Events
6 Garbage Collection
7 Internal Configuration
8 Directory Access
9 Internal Processing
10 Performance Counters
11 Initialization/Termination
12 Service Control
13 Name Resolution
14 Backup
15 Field Engineering
16 LDAP Interface Events
17 Setup
18 Global Catalog
19 Inter-site Messaging
New to Windows Server 2003:
20 Group Caching
21 Linked-Value Replication
22 DS RPC Client
23 DS RPC Server
24 DS Schema
2 Security Events
3 ExDS Interface Events
4 MAPI Interface Events
5 Replication Events
6 Garbage Collection
7 Internal Configuration
8 Directory Access
9 Internal Processing
10 Performance Counters
11 Initialization/Termination
12 Service Control
13 Name Resolution
14 Backup
15 Field Engineering
16 LDAP Interface Events
17 Setup
18 Global Catalog
19 Inter-site Messaging
New to Windows Server 2003:
20 Group Caching
21 Linked-Value Replication
22 DS RPC Client
23 DS RPC Server
24 DS Schema
Logging Levels
Each entry can be assigned a value from 0 through 5, and this value determines the level of detail of the events that are logged. The logging levels are described as:- 0 (None): Only critical events and error events are logged at this level. This is the default setting for all entries, and it should be modified only if a problem occurs that you want to investigate.
- 1 (Minimal): Very high-level events are recorded in the event log at this setting. Events may include one message for each major task that is performed by the service. Use this setting to start an investigation when you do not know the location of the problem.
- 2 (Basic)
- 3 (Extensive): This level records more detailed information than the lower levels, such as steps that are performed to complete a task. Use this setting when you have narrowed the problem to a service or a group of categories.
- 4 (Verbose)
- 5 (Internal:): This level logs all events, including debug strings and configuration changes. A complete log of the service is recorded. Use this setting when you have traced the problem to a particular category of a small set of categories.
How to Configure Active Directory Diagnostic Event Logging
To configure Active Directory diagnostic event logging, follow these steps.Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
- Click Start, and then click Run.
- In the Open box, type regedit, and then click OK.
- Locate and click the following registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\DiagnosticsEach entry that is displayed in the right pane of the Registry Editor window represents a type of event that Active Directory can log. All entries are set to the default value of 0 (None).
- Configure event logging for the appropriate component:
- In the right pane of Registry Editor, double-click the entry that represents the type of event for which you want to log. For example, Security Events.
- Type the logging level that you want (for example, 2) in the Value data box, and then click OK.
- Repeat step 4 for each component that you want to log.
- On the Registry menu, click Exit to quit Registry Editor.
- Logging levels should be set to the default value of 0 (None) unless you are investigating an issue.
- When you increase the logging level, the detail of each message and the number of messages that are written to the event log also increase. A diagnostic level of 3 or greater is not recommended, because logging at these levels requires more system resources and can degrade the performance of your server. Make sure that you reset the entries to 0 after you finish investigating the problem.
Back to the top
REFERENCES
For more information about how to view and manage logs in Event Viewer, click the following article number to view the article in the Microsoft Knowledge Base:
302542 How to diagnose system problems with Event Viewer in Microsoft Windows 2000
235427 How to view saved Directory Service, DNS server, and file replication service event logs from another Windows 2000-based computer
You can find information about enabling Windows 2000 application deployment debug logging in the following article. This may be useful with any problems that are related to advertisement, publishing, or assignment of Windows Installer programs by using Windows 2000 Group Policy.249621 How to troubleshoot software installations with Windows 2000 application management debug logging
Can't find the KB
Unable to find the KB to address your issue ?
Recent Articles
Lenovo Unified Workspace End-of-Life Questions and Answers
Will the shutdown of LUW servers and access to downloads affect my server licensing? No, the shutdown of the customer servers and access to the product and licensing downloads will not affect your server licensing. This license is downloaded and ...How do I determine my Unified Workspace license expiration date?
The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...Lenovo Unified Workspace 7.0.2.13 Released
Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...LanSchool Documentation Guides
LanSchool Classic Teacher Console The LanSchool Teacher Console is the interface teachers will use to manage their classroom and students. It contains all the tools necessary for a teacher to effectively interact with students and create a ...Lenovo Unified Workspace 7.0.1.41 Released
Highlights of Unified Workspace 7.0.1.41 Before you install: Please view the installation notes here. 7.0.1.41 requires a 7.0 license file. Below is a list of enhancements and fixes for Unified Workspace 7.0.1.41 Updated Log4j Updated Java Updated ...
Related Articles
Microsoft command line tools for Active Directory
How to Manage Users Creating a New User Account 1. Click Start, and then click Run. 2. In the Open box, type cmd. 3. At the command prompt, type the following command: dsadd user userdn -samid sam_name The following values are used in this command: • ...How to add an attribute to the search index in Active Directory
For Active Directory and webNetwork there are 4 attributes that will help speed up webStorage. "member" "swareAssignedNodes" "swareAssignedMenus" "swareAlias" The following information comes from : ...UW Active Directory Modifications
Issue: How does Lenovo Unified Workspace affect Active Directory and specifically the Schema? Solution: Why does UW need to extend the Schema of AD? Please see the following KB article for a full explanation: ...Verify Active Directory SSL
How can I check if my Microsoft Active Directory Domain controller / LDAP Server has SSL ? The following URL has a nice write up about the Microsoft Tool called LDP.exe http://www.computerperformance.co.uk/w2k3/utilities/ldp.htm You can download ...SAML SP - Sync Directory Password
Login script to prompt for directory password Since the user does not login into Unified Workspace with a password, we cannot capture the password to use in the @@password@@ variable. If you would like to use the Active Directory password for other ...