Sometimes the event logs just don’t give you enough information for what you’re troubleshooting. You can get a little more information by turning on diagnostic logging for a particular service.

Diagnostic logging for domain controllers is managed in the following registry location:

Logging can be configured by modifying these REG_DWORD entries:

1 Knowledge Consistency Checker (KCC) 2 Security Events 3 ExDS Interface Events 4 MAPI Interface Events 5 Replication Events 6 Garbage Collection 7 Internal Configuration 8 Directory Access 9 Internal Processing 10 Performance Counters 11 Initialization/Termination 12 Service Control 13 Name Resolution 14 Backup 15 Field Engineering 16 LDAP Interface Events 17 Setup 18 Global Catalog 19 Inter-site Messaging 20 Group Caching 21 Linked-Value Replication 22 DS RPC Client 23 DS RPC Server 24 DS Schema

Edit them by hand, script them, or use Group Policy Preferences to push them out. I would recommend using GPO Preferences to keep them to the values that you want so that it’s not so easy for someone to change them without your knowledge.

Diagnostic Logging Levels

The values below are used to configure the level of diagnostic logging provided by the host:

0 None Only - critical events and error events are logged at this level. This is the - default setting for all entries, and it should be modified only if a problem - occurs that you want to investigate
1 Minimal Very - high-level events are recorded in the event log at this setting. Events may - include one message for each major task that is performed by the service. Use - this setting to start an investigation when you do not know the location of - the problem
2 Basic
3 Extensive This - level records more detailed information than the lower levels, such as steps - that are performed to complete a task. Use this setting when you have - narrowed the problem to a service or a group of categories
4 Verbose
5 Internal This - level logs all events, including debug strings and configuration changes. A - complete log of the service is recorded. Use this setting when you have - traced the problem to a particular category of a small set of categories

Configure with PowerShell

Use the following PowerShell example to configure logging levels:

$Reg = “HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
Set-ItemProperty -Path $Reg -Name <service> -Type DWORD -Value <value>

Enable NetLogon Logging

After enabling Netlogon logging the activity will be logged to %windir%\debug\netlogon.log. Depending on the amount of activity you may want to increase the size of this log from the default 20 MB. - When the file reaches 20 MB, it is renamed to Netlogon.bak, and a new Netlogon.log file is created.

The size of the Netlogon.log file can be increased by changing the MaximumLogFileSize registry entry. This registry entry does not exist by default.

Configure log size with PowerShell:

$Reg = “HKLM:\ SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
New-ItemProperty -Path -Name MaximumLogFileSize-  -Type DWORD -Value <Log-Size>

Configure log size with Group Policy:

Computer Configuration\Administrative Templates\System\Net Logon\Maximum Log File Size

Turn on NetLogon Logging

Command Line:

nltest /dbflag:0x2080ffff


Reg = “HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\
New-ItemProperty -Path -Name DBFlag -Type DWORD -Value 545325055

$Reg = “HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\
Set-ItemProperty -Path $Reg -Name DBFlag -Type DWORD -Value 545325055

Restart-Service netlogon

Turn off NetLogon Logging

Command Line:

nltest /dbflag:0x0


$Reg = “HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\
Set-ItemProperty -Path $Reg -Name DBFlag -Type DWORD -Value 0

Restart-Service netlogon