How to turn on Active Directory diagnostic event logging

How to turn on Active Directory diagnostic event logging

The following information comes from : http://support.microsoft.com/kb/314980

 This step-by-step article describes how to configure Active Directory diagnostic event logging in Microsoft Windows 2000 and Microsoft Windows Server 2003.

Active Directory records events to the Directory Services log of Event Viewer. You can use the information that is collected in the log to help you diagnose and resolve possible problems or monitor the activity of Active Directory-related events on your server.

By default, Active Directory records only critical events and error events in the Directory Service log. To configure Active Directory to record other events, you must increase the logging level by editing the registry.

Active Directory Diagnostic Event Logging

The registry entries that manage diagnostic logging for Active Directory are stored in the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
Each of the following REG_DWORD values under the Diagnostics subkey represent a type of event that can be written to the event log:
1 Knowledge Consistency Checker (KCC)
2 Security Events
3 ExDS Interface Events
4 MAPI Interface Events
5 Replication Events
6 Garbage Collection
7 Internal Configuration
8 Directory Access
9 Internal Processing
10 Performance Counters
11 Initialization/Termination
12 Service Control
13 Name Resolution
14 Backup
15 Field Engineering
16 LDAP Interface Events
17 Setup
18 Global Catalog
19 Inter-site Messaging
New to Windows Server 2003:
20 Group Caching
21 Linked-Value Replication
22 DS RPC Client
23 DS RPC Server
24 DS Schema

Logging Levels

Each entry can be assigned a value from 0 through 5, and this value determines the level of detail of the events that are logged. The logging levels are described as:
  • 0 (None): Only critical events and error events are logged at this level. This is the default setting for all entries, and it should be modified only if a problem occurs that you want to investigate.
  • 1 (Minimal): Very high-level events are recorded in the event log at this setting. Events may include one message for each major task that is performed by the service. Use this setting to start an investigation when you do not know the location of the problem.
  • 2 (Basic)
  • 3 (Extensive): This level records more detailed information than the lower levels, such as steps that are performed to complete a task. Use this setting when you have narrowed the problem to a service or a group of categories.
  • 4 (Verbose)
  • 5 (Internal:): This level logs all events, including debug strings and configuration changes. A complete log of the service is recorded. Use this setting when you have traced the problem to a particular category of a small set of categories.

How to Configure Active Directory Diagnostic Event Logging

To configure Active Directory diagnostic event logging, follow these steps.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
  1. Click Start, and then click Run.
  2. In the Open box, type regedit, and then click OK.
  3. Locate and click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
    Each entry that is displayed in the right pane of the Registry Editor window represents a type of event that Active Directory can log. All entries are set to the default value of 0 (None).
  4. Configure event logging for the appropriate component:
    1. In the right pane of Registry Editor, double-click the entry that represents the type of event for which you want to log. For example, Security Events.
    2. Type the logging level that you want (for example, 2) in the Value data box, and then click OK.
  5. Repeat step 4 for each component that you want to log.
  6. On the Registry menu, click Exit to quit Registry Editor.
Notes
  • Logging levels should be set to the default value of 0 (None) unless you are investigating an issue.
  • When you increase the logging level, the detail of each message and the number of messages that are written to the event log also increase. A diagnostic level of 3 or greater is not recommended, because logging at these levels requires more system resources and can degrade the performance of your server. Make sure that you reset the entries to 0 after you finish investigating the problem.

Collapse imageREFERENCES

For more information about how to view and manage logs in Event Viewer, click the following article number to view the article in the Microsoft Knowledge Base:
302542 How to diagnose system problems with Event Viewer in Microsoft Windows 2000
235427 How to view saved Directory Service, DNS server, and file replication service event logs from another Windows 2000-based computer
You can find information about enabling Windows 2000 application deployment debug logging in the following article. This may be useful with any problems that are related to advertisement, publishing, or assignment of Windows Installer programs by using Windows 2000 Group Policy.
249621 How to troubleshoot software installations with Windows 2000 application management debug logging  

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Change Reset Password Button Text

        Change the text of the "Reset Password" button on the UW Login Page How to change the text of the Reset Password button on the Login Page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants ...
      • Remove Reset Password Button From Login Page

        Remove the Reset Password Button from the Login Page How to remove the Reset Password button from the Unified Workspace login page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants Expand ...
      • Lenovo Unified Workspace End-of-Life Questions and Answers

        As of January 31st 2024, Lenovo Unified Workspace (formerly Stoneware WebNetwork) is no longer supported. This means that we no longer provide licenses, downloads, updates, patches, or technical assistance for this product. If you have any questions ...
      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...
      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...
      • Related Articles

      • Microsoft command line tools for Active Directory

        How to Manage Users Creating a New User Account 1. Click Start, and then click Run. 2. In the Open box, type cmd. 3. At the command prompt, type the following command: dsadd user userdn -samid sam_name The following values are used in this command: • ...
      • How to add an attribute to the search index in Active Directory

        For Active Directory and webNetwork there are 4 attributes that will help speed up webStorage. "member" "swareAssignedNodes"  "swareAssignedMenus" "swareAlias" The following information comes from :  ...
      • UW Active Directory Modifications

        Issue: How does Lenovo Unified Workspace affect Active Directory and specifically the Schema? Solution: Why does UW need to extend the Schema of AD? Please see the following KB article for a full explanation: ...
      • Verify Active Directory SSL

        How can I check if my Microsoft Active Directory Domain controller / LDAP Server has SSL ?   The following URL has a nice write up about the Microsoft Tool called LDP.exe http://www.computerperformance.co.uk/w2k3/utilities/ldp.htm You can download ...
      • List of Active Directory Error Codes

        The error codes for Active Directory can be found at this Microsoft URL. http://msdn.microsoft.com/en-us/library/ms681381%28VS.85%29.aspx