Enabling Diagnostics Logging

A useful way to troubleshoot specific problems you are encountering with Active Directory is to increase the diagnostics logging level. Diagnostics logging can be enabled by component. For example, if you determine the KCC is not completing every 15 minutes, you can enable diagnostics logging for the one Knowledge Consistency Checker setting.

These settings are stored under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics. By default, all settings are set to 0, which disables diagnostic logging, but you can increase any one of them by setting it to a number from 1 through 5. As a general rule, a value of 1 is used for minimum logging, 3 for medium logging, and 5 for maximum logging. It is a good practice to ease your way up to 5 because some diagnostics logging settings can generate a huge number of events in the event log, which may make it difficult to read, along with increasing resource utilization on the domain controller.

Here is the complete list of diagnostics logging settings for Windows Server 2003. Note that settings 20-24 are not available on Windows 2000-based domain controllers.

1 Knowledge Consistency Checker
 2 Security Events
 3 ExDS Interface Events
 4 MAPI Interface Events
 5 Replication Events
 6 Garbage Collection
 7 Internal Configuration
 8 Directory Access
 9 Internal Processing
 10 Performance Counters
 11 Initialization/Termination
 12 Service Control
 13 Name Resolution
 14 Backup
 15 Field Engineering
 16 LDAP Interface Events
 17 Setup
 18 Global Catalog
 19 Inter-site Messaging
 20 Group Caching
 21 Linked-Value Replication
 22 DS RPC Client
 23 DS RPC Server
 24 DS Schema

Using a graphical user interface

  1. Run regedit.exe from the command line or Start Run.
  2. In the left pane, expand HKEY_LOCAL_MACHINE System CurrentControlSet Services NTDS Diagnostics.
  3. In the right pane, double-click on the diagnostics logging entry you want to increase, and enter a number (0-5) based on how much you want logged.
  4. Click OK.

Using a command-line interface

> reg add HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics /v "
" /t REG_DWORD /d <0-5>

Using VBScript

' This code sets the specified diagnostics logging level
strDC   = "<DomainControllerName>"  ' e.g., dc01
strLogSetting = "<LoggingSetting>"  ' e.g., 1 Knowledge Consistency Checker
intFlag = <FlagValue>               ' Flag value in decimal, e.g., 5
' ------ END CONFIGURATION ---------
const HKLM = &H80000002
strRegKey = "SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics"
set objReg = GetObject("winmgmts:\\" & strDC & "\root\default:StdRegProv")
objReg.SetDwordValue HKLM, strRegKey, strLogSetting, intFlag
WScript.Echo "Diagnostics logging for " & strLogSetting _
             & " set to " & intFlag