Saturday, May 26, 2012

Active Directory and Logging

I have been asked in many interviews what the Active Directory database is and where its logs are located. It is a tricky question, and even people who are good at AD administration may have overlooked it; I am one of them. So I decided to write about it and post here what I learnt today.

Active Directory

The Active Directory database is a centralized repository for users and computers. It keeps track of all the user accounts and passwords in the organization and stores them in one protected location, which improves the organization's security.

The Active Directory database consists of objects and attributes. Object and attribute definitions are stored in the Active Directory schema. Active Directory consists of four partitions: Domain, Configuration, Schema and Application.

Active Directory records events to the Directory Services log of Event Viewer. You can use the information that is collected in the log to help you diagnose and resolve possible problems or monitor the activity of Active Directory-related events on your server.

By default, Active Directory records only critical events and error events in the Directory Service log. To configure Active Directory to record other events, you must increase the logging level by editing the registry.

Active Directory Diagnostic Event Logging

The registry entries that manage diagnostic logging for Active Directory are stored in the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Go to Run >> type regedit, then click Yes at the prompt.

Expand Services and select NTDS, then select Diagnostics. In the right-hand pane you can see the list of REG_DWORD entries.



Logging Levels

Each entry can be assigned a value from 0 through 5, and this value determines the level of detail of the events that are logged. The logging levels are described as:

·  0 (None): Only critical events and error events are logged at this level. This is the default setting for all entries, and it should be modified only if a problem occurs that you want to investigate.

·  1 (Minimal): Very high-level events are recorded in the event log at this setting. Events may include one message for each major task that is performed by the service. Use this setting to start an investigation when you do not know the location of the problem.

·  2 (Basic)

·  3 (Extensive): This level records more detailed information than the lower levels, such as steps that are performed to complete a task. Use this setting when you have narrowed the problem to a service or a group of categories.

·  4 (Verbose)

·  5 (Internal): This level logs all events, including debug strings and configuration changes. A complete log of the service is recorded. Use this setting when you have traced the problem to a particular category or a small set of categories.

Select the REG_DWORD entry for the category whose diagnostic logging you want to see, and change its value to one of the levels described above.


PS: Keep in mind that raising a logging level increases the number of entries recorded in the event log, so you may not be able to scrutinize them as you would like. Likewise, high logging levels reduce server performance.
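The same procedure can be done from an elevated PowerShell session on the domain controller instead of regedit. The script below is an added example and is not part of the original post: it lists the current level of every Diagnostics category, raises one category for an investigation, reads back what NTDS wrote to the Directory Service log, and restores the old value afterwards. The category name '16 LDAP Interface Events' is an assumption used for illustration; substitute whichever REG_DWORD entry you see under the Diagnostics key.

```powershell
# Added example (not from the original post): inspect and adjust NTDS diagnostic
# logging levels, then read the resulting Directory Service events.
# Run in an elevated PowerShell session on a domain controller.
# Assumption: '16 LDAP Interface Events' is one of the REG_DWORD names under the
# Diagnostics key; replace it with the category relevant to your investigation.

$diagKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

# Show every diagnostic category and its current level (0-5) so you know the baseline
# before changing anything.
function Get-NtdsDiagnosticLevels {
    $props = Get-ItemProperty -Path $diagKey
    $props.PSObject.Properties |
        Where-Object { $_.Name -match '^\d+ ' } |
        Select-Object Name, @{ Name = 'Level'; Expression = { [int]$_.Value } } |
        Sort-Object { [int]($_.Name -split ' ')[0] }
}

# Raise (or lower) one category. Values outside 0-5 are rejected so a typo cannot
# leave the DC with an undefined level; the previous value is returned for rollback.
function Set-NtdsDiagnosticLevel {
    param(
        [Parameter(Mandatory)] [string] $Category,
        [Parameter(Mandatory)] [ValidateRange(0, 5)] [int] $Level
    )
    $previous = (Get-ItemProperty -Path $diagKey -Name $Category).$Category
    Set-ItemProperty -Path $diagKey -Name $Category -Value $Level -Type DWord
    Write-Host ("{0}: {1} -> {2}" -f $Category, $previous, $Level)
    return $previous
}

$category = '16 LDAP Interface Events'   # assumed category; pick yours from regedit

Get-NtdsDiagnosticLevels | Format-Table -AutoSize

# Step up to level 3 (Extensive) for a scoped investigation rather than jumping to 5,
# which floods the log and costs DC performance.
$saved = Set-NtdsDiagnosticLevel -Category $category -Level 3

# ... reproduce the problem here, then read what NTDS wrote to the Directory Service log.
$since = (Get-Date).AddMinutes(-15)
Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, ProviderName,
        @{ Name = 'Message'; Expression = { $_.Message.Split("`n")[0] } } |
    Format-Table -AutoSize

# Restore the previous level when the investigation is finished.
Set-NtdsDiagnosticLevel -Category $category -Level $saved | Out-Null
```

Running the baseline listing first is worthwhile on any DC you are troubleshooting: a category already sitting above 0 is either a forgotten investigation or a change someone else made, and either way it belongs in your change record before you touch it.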



Your valuable feedback on this article is most appreciated



Regards, Raju

This posting is provided "as is" with no warranties and confers no rights.

2 comments:

  1. fantastic issues altogether, you just won
    a new reader. What could you recommend in regards to your put
    up that you just made a few days ago? Any sure?
    my site > exchange

  2. You've made some decent points there. I checked on the internet to learn more about the issue and found most individuals will go along with your views on this web site.
    my page > server
