Article ID: 314980 - View products that this article applies to.
This article was previously published under Q314980
This step-by-step article describes how to configure Active Directory diagnostic event logging in Microsoft Windows 2000 and Microsoft Windows Server 2003.
Active Directory records events to the Directory Services log of Event Viewer. You can use the information that is collected in the log to help you diagnose and resolve possible problems or monitor the activity of Active Directory-related events on your server.
By default, Active Directory records only critical events and error events in the Directory Service log. To configure Active Directory to record other events, you must increase the logging level by editing the registry.
Active Directory Diagnostic Event LoggingThe registry entries that manage diagnostic logging for Active Directory are stored in the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\DiagnosticsEach of the following REG_DWORD values under the Diagnostics subkey represent a type of event that can be written to the event log:
1 Knowledge Consistency Checker (KCC)
2 Security Events
3 ExDS Interface Events
4 MAPI Interface Events
5 Replication Events
6 Garbage Collection
7 Internal Configuration
8 Directory Access
9 Internal Processing
10 Performance Counters
12 Service Control
13 Name Resolution
15 Field Engineering
16 LDAP Interface Events
18 Global Catalog
19 Inter-site Messaging
New to Windows Server 2003:
20 Group Caching
21 Linked-Value Replication
22 DS RPC Client
23 DS RPC Server
24 DS Schema
Logging LevelsEach entry can be assigned a value from 0 through 5, and this value determines the level of detail of the events that are logged. The logging levels are described as:
How to Configure Active Directory Diagnostic Event LoggingTo configure Active Directory diagnostic event logging, follow these steps.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
For more information about how to view and manage logs in Event Viewer, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/302542/ )How to diagnose system problems with Event Viewer in Microsoft Windows 2000
235427You can find information about enabling Windows 2000 application deployment debug logging in the following article. This may be useful with any problems that are related to advertisement, publishing, or assignment of Windows Installer programs by using Windows 2000 Group Policy.
(http://support.microsoft.com/kb/235427/ )How to view saved Directory Service, DNS server, and file replication service event logs from another Windows 2000-based computer
(http://support.microsoft.com/kb/249621/ )How to troubleshoot software installations with Windows 2000 application management debug logging
Article ID: 314980 - Last Review: October 31, 2006 - Revision: 4.5
Contact us for more help
Connect with Answer Desk for expert help.