15.2. Enabling Diagnostics Logging

Problem

You want to enable diagnostics event logging because the current level of logging is not providing enough information to help pinpoint the problem you are troubleshooting.

Solution

Using a graphical user interface

Run regedit.exe from the command line or Start → Run.
In the left pane, expand HKEY_LOCAL_MACHINE → System → CurrentControlSet → Services → NTDS → Diagnostics.
In the right pane, double-click on the diagnostics logging entry you want to increase, and enter a number (0-5) based on how much you want logged.
Click OK.

Using a command-line interface

> reg add HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics /v[RETURN]
"<LoggingSetting>" /t REG_DWORD /d <0-5>

Using VBScript

' This code sets the specified diagnostics logging level
' ------ SCRIPT CONFIGURATION ------
strDC   = "<DomainControllerName>"  ' e.g. dc01
strLogSetting = "<LoggingSetting>"  ' e.g. 1 Knowledge Consistency Checker
intFlag = <FlagValue>               ' Flag value in decimal, e.g. 5
' ------ END CONFIGURATION ---------

const HKLM = &H80000002
strRegKey = "SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics"
set objReg = GetObject("winmgmts:\\" & strDC & "\root\default:StdRegProv")
objReg.SetDwordValue HKLM, strRegKey, "LogFlags", intFlag
WScript.Echo "Diagnostics logging for " & strLogSetting _
             & " set to " & intFlag

Discussion

A useful way to troubleshoot specific problems you are encountering with Active Directory is to increase the diagnostics logging level. Diagnostics logging ...

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Active Directory Cookbook by