Solved

Where are Active Directory log files stored

Posted on 2009-05-06
6
16,026 Views
Last Modified: 2012-05-06
I would like to look at the active directory log files but have no idea where they are stored. We are using server 2003.
0
Comment
Question by:terryw-sec
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24318604
It's located at %systemroot%\NTDS
0
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24318626
Here is a little more information on each of the files:

NTDS.DIT
-Active Directory Storage File
-Maintains 3 Tables: Data Table, Link Table, Security Descriptor Table
EDB.LOG
-Current Transaction Log
-All Transactions created here before being committed to NTDS.DIT
EDB****.LOG
-Logs that are complete and committed to NTDS.DIT
EDB.CHK
-Checkpoint file (JET) used to identify committed vs. uncommitted transactions
RES1.LOG and RES2.LOG
-Reserved space for EDB.LOG
-Each file is 10mb
0
 
LVL 3

Accepted Solution

by:
ISWSIMBX earned 500 total points
ID: 24318653
Since I couldn't be bothered to put everything into one post, here is another way to check in the registry.  Check this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

That will contain the location of your DIT file and your AD Log Files.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 24318666
Out of curiousity, what are you actually trying to accomplish? The EDB***.log files are not in any kind of reasonably human-readable format. If you are attempting to view System errors or security audit information, this will appear in the Event Viewer on each domain controller.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24320111
Not sure if you may be looking for readable .log files like Laura mentioned.  If you wanted to see dcpromo logs and some other logs you can read look at the logs in:
%systemroot%\debug
Thanks
Mike
0
 

Author Comment

by:terryw-sec
ID: 24356659
Thank you for all your input and help.
0

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question