Recipe 15.2 Enabling Diagnostics Logging

15.2.1 Problem

You want to enable diagnostics event logging because the current level of logging is not providing enough information to help pinpoint the problem you are troubleshooting.

15.2.2 Solution Using a graphical user interface
  1. Run regedit.exe from the command line or Start Run.

  2. In the left pane, expand HKEY_LOCAL_MACHINE System CurrentControlSet Services NTDS Diagnostics.

  3. In the right pane, double-click on the diagnostics logging entry you want to increase, and enter a number (0-5) based on how much you want logged.

  4. Click OK. Using a command-line interface
> reg add HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics /v[RETURN]
"<LoggingSetting>" /t REG_DWORD /d <0-5> Using VBScript
' This code sets the specified diagnostics logging level
strDC   = "<DomainControllerName>"  ' e.g. dc01
strLogSetting = "<LoggingSetting>"  ' e.g. 1 Knowledge Consistency Checker
intFlag = <FlagValue>               ' Flag value in decimal, e.g. 5
' ------ END CONFIGURATION ---------

const HKLM = &H80000002
strRegKey = "SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics"
set objReg = GetObject("winmgmts:\\" & strDC & "\root\default:StdRegProv")
objReg.SetDwordValue HKLM, strRegKey, "LogFlags", intFlag
WScript.Echo "Diagnostics logging for " & strLogSetting _
             & " set to " & intFlag

15.2.3 Discussion

A useful way to troubleshoot specific problems you are encountering with Active Directory is to increase the diagnostics logging level. Diagnostics logging can be enabled by component. For example, if you determine the Knowledge Consistency Checker (KCC) is not completing every 15 minutes, you can enable diagnostics logging for the "1 Knowledge Consistency Checker" setting.

These settings are stored under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics. By default, all settings are set to 0, which disables diagnostic logging, but you can increase it by setting it to a number from 1 through 5. As a general rule, a value of 1 is used for minimum logging, 3 for medium logging, and 5 for maximum logging. It is a good practice to ease your way up to 5 because some diagnostics logging settings can generate a bunch of events in the event log, which may make it difficult to read, along with increasing resource utilization on the domain controller.

Here is the complete list of diagnostics logging settings for Windows Server 2003. Note that settings 20-24 are not available on Windows 2000-based domain controllers.

1 Knowledge Consistency Checker
2 Security Events
3 ExDS Interface Events
4 MAPI Interface Events
5 Replication Events
6 Garbage Collection
7 Internal Configuration
8 Directory Access
9 Internal Processing
10 Performance Counters
11 Initialization/Termination
12 Service Control
13 Name Resolution
14 Backup
15 Field Engineering
16 LDAP Interface Events
17 Setup
18 Global Catalog
19 Inter-site Messaging
20 Group Caching
21 Linked-Value Replication
22 DS RPC Client
23 DS RPC Server
24 DS Schema

15.2.4 See Also

MS KB 220940 (How to Enable Diagnostic Event Logging for Active Directory Services)

    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List