Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Where are Active Directory log files stored

Posted on 2009-05-06
6
Medium Priority
?
18,402 Views
Last Modified: 2012-05-06
I would like to look at the active directory log files but have no idea where they are stored. We are using server 2003.
0
Comment
Question by:terryw-sec
6 Comments
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24318604
It's located at %systemroot%\NTDS
0
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24318626
Here is a little more information on each of the files:

NTDS.DIT
-Active Directory Storage File
-Maintains 3 Tables: Data Table, Link Table, Security Descriptor Table
EDB.LOG
-Current Transaction Log
-All Transactions created here before being committed to NTDS.DIT
EDB****.LOG
-Logs that are complete and committed to NTDS.DIT
EDB.CHK
-Checkpoint file (JET) used to identify committed vs. uncommitted transactions
RES1.LOG and RES2.LOG
-Reserved space for EDB.LOG
-Each file is 10mb
0
 
LVL 3

Accepted Solution

by:
ISWSIMBX earned 2000 total points
ID: 24318653
Since I couldn't be bothered to put everything into one post, here is another way to check in the registry.  Check this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

That will contain the location of your DIT file and your AD Log Files.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 24318666
Out of curiousity, what are you actually trying to accomplish? The EDB***.log files are not in any kind of reasonably human-readable format. If you are attempting to view System errors or security audit information, this will appear in the Event Viewer on each domain controller.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24320111
Not sure if you may be looking for readable .log files like Laura mentioned.  If you wanted to see dcpromo logs and some other logs you can read look at the logs in:
%systemroot%\debug
Thanks
Mike
0
 

Author Comment

by:terryw-sec
ID: 24356659
Thank you for all your input and help.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question