Active Directory - Enable Diagnostic Logging

Turn on diagnostic logging for AD DS

Diagnostic logging for domain controllers is managed in the following registry location:

HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Logging can be configured by modifying these REG_DWORD entries:

1 Knowledge Consistency Checker (KCC)
2 Security Events
3 ExDS Interface Events
4 MAPI Interface Events
5 Replication Events
6 Garbage Collection
7 Internal Configuration
8 Directory Access
9 Internal Processing
10 Performance Counters
11 Initialization/Termination
12 Service Control
13 Name Resolution
14 Backup
15 Field Engineering
16 LDAP Interface Events
17 Setup
18 Global Catalog
19 Inter-site Messaging
20 Group Caching
21 Linked-Value Replication
22 DS RPC Client
23 DS RPC Server
24 DS Schema

Diagnostic Logging Levels

The values below are used to configure the level of diagnostic logging provided by the host:

0 None: Only critical events and error events are logged at this level. This is the default setting for all entries, and it should be modified only if a problem occurs that you want to investigate.
1 Minimal: Very high-level events are recorded in the event log at this setting. Events may include one message for each major task that is performed by the service. Use this setting to start an investigation when you do not know the location of the problem.
2 Basic
3 Extensive: This level records more detailed information than the lower levels, such as the steps that are performed to complete a task. Use this setting when you have narrowed the problem to a service or a group of categories.
4 Verbose
5 Internal: This level logs all events, including debug strings and configuration changes. A complete log of the service is recorded. Use this setting when you have traced the problem to a particular category or a small set of categories.

View Current Logging Levels

$Reg = "HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics"
Get-ItemProperty -Path $Reg

Configure with PowerShell

Use the following PowerShell example to configure logging levels:

$Reg = "HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics"
Set-ItemProperty -Path $Reg -Name <service> -Type DWORD -Value <value>
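The value names under the Diagnostics key are the full "<number> <category>" strings listed above (for example "16 LDAP Interface Events"), so the `-Name` argument must be quoted and spelled exactly. The following added example (not part of the original article) reads the names back from the key itself, reports every category left above the default level 0, and sets a category by its number; the function names are this example's own.

```powershell
# Added example: audit and set NTDS diagnostic levels on a domain controller.
# Run in an elevated session. Levels are 0-5 as described in the table above.
$Reg = "HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics"

function Get-NtdsDiagnosticLevel {
    # Returns one object per category; value names look like "16 LDAP Interface Events".
    $key = Get-Item -Path $Reg
    foreach ($name in ($key.GetValueNames() | Where-Object { $_ -match '^\d+ ' })) {
        [pscustomobject]@{
            Number   = [int]($name -split ' ', 2)[0]
            Category = $name
            Level    = [int]$key.GetValue($name)
        }
    }
}

function Set-NtdsDiagnosticLevel {
    param(
        [Parameter(Mandatory)][ValidateRange(1, 24)][int]$Number,
        [Parameter(Mandatory)][ValidateRange(0, 5)][int]$Level
    )
    # Resolve the category number to the exact registry value name.
    $entry = Get-NtdsDiagnosticLevel | Where-Object Number -eq $Number
    if (-not $entry) { throw "No diagnostic category numbered $Number under $Reg" }
    Set-ItemProperty -Path $Reg -Name $entry.Category -Type DWORD -Value $Level
    Write-Host "Set '$($entry.Category)' from level $($entry.Level) to $Level"
}

# Anything above 0 is non-default and fills the Directory Service event log quickly;
# list it so raised levels are not forgotten after an investigation.
Get-NtdsDiagnosticLevel | Where-Object Level -gt 0 | Format-Table -AutoSize

# Level 2 on "16 LDAP Interface Events" is the setting commonly used to record
# insecure (unsigned or clear-text) LDAP binds; set it back to 0 when finished.
Set-NtdsDiagnosticLevel -Number 16 -Level 2
```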

Netlogon Logging

After enabling Netlogon logging the activity will be logged to %windir%\debug\netlogon.log. Depending on the amount of activity you may want to increase the size of this log from the default 20 MB. When the file reaches 20 MB, it is renamed to Netlogon.bak, and a new Netlogon.log file is created.

The size of the Netlogon.log file can be increased by changing the MaximumLogFileSize registry entry. This registry entry does not exist by default.

Configure log size with PowerShell:

$Reg = "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
New-ItemProperty -Path $Reg -Name MaximumLogFileSize -PropertyType DWORD -Value <log-size>

Configure log size with Group Policy:

Computer Configuration\Administrative Templates\System\Net Logon\Maximum Log File Size

Turn on NetLogon Logging

Command Line:

nltest /dbflag:0x2080ffff

PowerShell:

$Reg = "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\"
New-ItemProperty -Path $Reg -Name DBFlag -PropertyType DWORD -Value 545325055

$Reg = "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\"
Set-ItemProperty -Path $Reg -Name DBFlag -Type DWORD -Value 545325055

Restart-Service netlogon

Turn off NetLogon Logging

Command Line:

nltest /dbflag:0x0

PowerShell:

$Reg = "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\"
Set-ItemProperty -Path $Reg -Name DBFlag -Type DWORD -Value 0

Restart-Service netlogon


Keywords: Active Directory debugging logging LDAP NTDS AD
Doc ID: 35143
Owner: MST Support
Group: Identity and Access Management
Created: 2013-11-06 12:12:22
Updated: 2022-05-12 10:55:03
Sites: Identity and Access Management