Solved

Where are Active Directory log files stored

Posted on 2009-05-06
6
14,459 Views
Last Modified: 2012-05-06
I would like to look at the active directory log files but have no idea where they are stored. We are using server 2003.
0
Comment
Question by:terryw-sec
6 Comments
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24318604
It's located at %systemroot%\NTDS
0
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24318626
Here is a little more information on each of the files:

NTDS.DIT
-Active Directory Storage File
-Maintains 3 Tables: Data Table, Link Table, Security Descriptor Table
EDB.LOG
-Current Transaction Log
-All Transactions created here before being committed to NTDS.DIT
EDB****.LOG
-Logs that are complete and committed to NTDS.DIT
EDB.CHK
-Checkpoint file (JET) used to identify committed vs. uncommitted transactions
RES1.LOG and RES2.LOG
-Reserved space for EDB.LOG
-Each file is 10mb
0
 
LVL 3

Accepted Solution

by:
ISWSIMBX earned 500 total points
ID: 24318653
Since I couldn't be bothered to put everything into one post, here is another way to check in the registry.  Check this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

That will contain the location of your DIT file and your AD Log Files.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 24318666
Out of curiousity, what are you actually trying to accomplish? The EDB***.log files are not in any kind of reasonably human-readable format. If you are attempting to view System errors or security audit information, this will appear in the Event Viewer on each domain controller.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24320111
Not sure if you may be looking for readable .log files like Laura mentioned.  If you wanted to see dcpromo logs and some other logs you can read look at the logs in:
%systemroot%\debug
Thanks
Mike
0
 

Author Comment

by:terryw-sec
ID: 24356659
Thank you for all your input and help.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now