Sometimes the event logs just don’t give you enough information for what you’re troubleshooting. You can get a little more information by turning on diagnostic logging for a particular service.
Diagnostic logging for domain controllers is managed in the following registry location:
Logging can be configured by modifying these REG_DWORD entries:
1 Knowledge Consistency Checker (KCC) 2 Security Events 3 ExDS Interface Events 4 MAPI Interface Events 5 Replication Events 6 Garbage Collection 7 Internal Configuration 8 Directory Access 9 Internal Processing 10 Performance Counters 11 Initialization/Termination 12 Service Control 13 Name Resolution 14 Backup 15 Field Engineering 16 LDAP Interface Events 17 Setup 18 Global Catalog 19 Inter-site Messaging 20 Group Caching 21 Linked-Value Replication 22 DS RPC Client 23 DS RPC Server 24 DS Schema
Edit them by hand, script them, or use Group Policy Preferences to push them out. I would recommend using GPO Preferences to keep them to the values that you want so that it’s not so easy for someone to change them without your knowledge.
Diagnostic Logging Levels
The values below are used to configure the level of diagnostic logging provided by the host:
|0||None||Only - critical events and error events are logged at this level. This is the - default setting for all entries, and it should be modified only if a problem - occurs that you want to investigate|
|1||Minimal||Very - high-level events are recorded in the event log at this setting. Events may - include one message for each major task that is performed by the service. Use - this setting to start an investigation when you do not know the location of - the problem|
|3||Extensive||This - level records more detailed information than the lower levels, such as steps - that are performed to complete a task. Use this setting when you have - narrowed the problem to a service or a group of categories|
|5||Internal||This - level logs all events, including debug strings and configuration changes. A - complete log of the service is recorded. Use this setting when you have - traced the problem to a particular category of a small set of categories|
Configure with PowerShell
Use the following PowerShell example to configure logging levels:
Enable NetLogon Logging
After enabling Netlogon logging the activity will be logged to %windir%\debug\netlogon.log. Depending on the amount of activity you may want to increase the size of this log from the default 20 MB. - When the file reaches 20 MB, it is renamed to Netlogon.bak, and a new Netlogon.log file is created.
The size of the Netlogon.log file can be increased by changing the MaximumLogFileSize registry entry. This registry entry does not exist by default.
Configure log size with PowerShell:
Configure log size with Group Policy:
Turn on NetLogon Logging
Turn off NetLogon Logging