Solved

Where are Active Directory log files stored

Posted on 2009-05-06
6
14,785 Views
Last Modified: 2012-05-06
I would like to look at the active directory log files but have no idea where they are stored. We are using server 2003.
0
Comment
Question by:terryw-sec
6 Comments
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24318604
It's located at %systemroot%\NTDS
0
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24318626
Here is a little more information on each of the files:

NTDS.DIT
-Active Directory Storage File
-Maintains 3 Tables: Data Table, Link Table, Security Descriptor Table
EDB.LOG
-Current Transaction Log
-All Transactions created here before being committed to NTDS.DIT
EDB****.LOG
-Logs that are complete and committed to NTDS.DIT
EDB.CHK
-Checkpoint file (JET) used to identify committed vs. uncommitted transactions
RES1.LOG and RES2.LOG
-Reserved space for EDB.LOG
-Each file is 10mb
0
 
LVL 3

Accepted Solution

by:
ISWSIMBX earned 500 total points
ID: 24318653
Since I couldn't be bothered to put everything into one post, here is another way to check in the registry.  Check this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

That will contain the location of your DIT file and your AD Log Files.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 24318666
Out of curiousity, what are you actually trying to accomplish? The EDB***.log files are not in any kind of reasonably human-readable format. If you are attempting to view System errors or security audit information, this will appear in the Event Viewer on each domain controller.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24320111
Not sure if you may be looking for readable .log files like Laura mentioned.  If you wanted to see dcpromo logs and some other logs you can read look at the logs in:
%systemroot%\debug
Thanks
Mike
0
 

Author Comment

by:terryw-sec
ID: 24356659
Thank you for all your input and help.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
local administrator password solution 26 78
Office 365 SSO and Shared Devices 6 41
AD Account Lockout 22 39
Using an internal domain name that you do not own 6 45
Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now