I have been asked in many interviews what the Active Directory database is and where its logs are located. It's a tricky question, and even people who are good at AD administration can overlook it. I was one of them :) so I decided to write about it and post what I learnt today.
Active Directory
The Active Directory database is a repository for users and computers: a centralized database that keeps track of all the user accounts and passwords in an organization, storing them in one protected location to improve the organization's security.
The Active Directory database consists of objects and attributes. Object and attribute definitions are stored in the Active Directory schema. Active Directory consists of four partitions: the Domain, Configuration, Schema and Application partitions.
Active Directory records events to the Directory Service log in Event Viewer. You can use the information collected in this log to diagnose and resolve possible problems, or to monitor Active Directory-related activity on your server.
By default, Active Directory records only critical events and error events in the Directory Service log. To configure Active Directory to record other events, you must increase the logging level by editing the registry.
Active Directory Diagnostic Event Logging
The registry entries that manage diagnostic logging for Active Directory are stored in the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
Go to Run, type regedit and click Yes at the prompt. Expand HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet and Services, select NTDS, then select Diagnostics. In the right-hand pane you can see the list of REG_DWORD entries, one per logging category.
Logging Levels
Each entry can be assigned a value from 0 through 5, and this value determines the level of detail of the events that are logged. The logging levels are described as:
·  0 (None): Only critical events and error events are logged at this level. This is the default setting for all entries, and it should be modified only if a problem occurs that you want to investigate.
·  1 (Minimal): Very high-level events are recorded in the event log at this setting. Events may include one message for each major task that is performed by the service. Use this setting to start an investigation when you do not know the location of the problem.
·  2 (Basic)
·  3 (Extensive): This level records more detailed information than the lower levels, such as the steps that are performed to complete a task. Use this setting when you have narrowed the problem to a service or a group of categories.
·  4 (Verbose)
·  5 (Internal): This level logs all events, including debug strings and configuration changes. A complete log of the service is recorded. Use this setting when you have traced the problem to a particular category or a small set of categories.
Select the REG_DWORD entry for the category you want diagnostic logging for and change its value to one of the levels described above.
PS: I want to remind you here that raising the logging level increases the number of entries recorded in the event log, possibly more than you can scrutinize, and that high logging levels also reduce server performance.
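The same procedure scripted in PowerShell, as an added example that is not part of the original post. The functions below are my own: they list the current level of every entry under the NTDS Diagnostics subkey, change one entry (refusing to create an entry that does not already exist, so a typo cannot silently do nothing), and read the resulting events back from the Directory Service log. The category name '5 Replication Events' used in the usage section is the standard entry name on a domain controller but is not on the page, so treat it as an assumption and pick the entry you actually need from the listing.

```powershell
# Added example (not the original post's code): manage NTDS diagnostic logging
# levels and read back the resulting Directory Service events.
# Run in an elevated PowerShell session on a domain controller.

$DiagKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

function Get-NtdsDiagnosticLevel {
    # Lists every REG_DWORD entry under the Diagnostics subkey with its current level (0-5).
    $props = Get-ItemProperty -Path $DiagKey
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |   # drop PSPath, PSChildName, etc.
        ForEach-Object {
            [pscustomobject]@{ Category = $_.Name; Level = [int]$_.Value }
        }
}

function Set-NtdsDiagnosticLevel {
    [CmdletBinding()]
    param(
        # Entry name as shown in regedit, e.g. '5 Replication Events' (assumed standard name).
        [Parameter(Mandatory)] [string] $Category,
        # Logging level: 0 (None) through 5 (Internal), as described in the post.
        [Parameter(Mandatory)] [ValidateRange(0, 5)] [int] $Level
    )
    # Only touch entries that already exist; a misspelled name would otherwise create
    # a new value that the directory service never reads.
    $existing = (Get-Item -Path $DiagKey).GetValueNames()
    if ($existing -notcontains $Category) {
        throw "No diagnostic entry named '$Category' under $DiagKey"
    }
    $before = (Get-ItemProperty -Path $DiagKey -Name $Category).$Category
    Set-ItemProperty -Path $DiagKey -Name $Category -Value $Level -Type DWord
    Write-Verbose "$Category : $before -> $Level"
}

function Get-DirectoryServiceEvents {
    param(
        [int] $Minutes   = 30,   # how far back to look
        [int] $MaxEvents = 50    # cap the result; verbose levels produce a lot of entries
    )
    # Pulls recent events from the Directory Service log described in the post.
    # Get-WinEvent raises an error when nothing matches, so treat that as an empty result.
    $filter = @{ LogName = 'Directory Service'; StartTime = (Get-Date).AddMinutes(-$Minutes) }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message
}

# Usage: raise one category, reproduce the problem, review the events, then set it
# back to 0 so the extra volume and performance cost do not persist.
Get-NtdsDiagnosticLevel | Format-Table -AutoSize
Set-NtdsDiagnosticLevel -Category '5 Replication Events' -Level 3 -Verbose
# ... reproduce the issue here ...
Get-DirectoryServiceEvents -Minutes 10 | Format-Table -AutoSize -Wrap
Set-NtdsDiagnosticLevel -Category '5 Replication Events' -Level 0 -Verbose
```

The value takes effect without restarting the directory service. Keeping the "set back to 0" step in the same script is the simplest way to honour the caveat above: the listing function also makes it easy to confirm afterwards that every category is back at its default.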
Your valuable feedback on this article is most appreciated.
Regards, Raju
This posting is provided "as is" with no warranties and confers no rights.