I noticed that our Windows Server 2019 DCs were logging excessive amounts of AD and LDAP log entries - noticeably more than what I have been used to seeing over the years. In tracking down why I noted that if I went to \HKEY_LOCAL_MACHINE\SYSTEM
tics that the log settings were set for "16 LDAP Interface Events" and "8 Directory Access" to log level 3 for the LDAP logs and 5 for the AD logs, which clearly explains the excessive logging.
This is the MS KB I used to determine the diagnostic log settings and locations: https://support.microsoft.com/en-us/help/314980/how-to-configure-active-directory-and-lds-diagnostic-event-logging
So, I manually changed each of 4 DCs (all running Win Server 2019 DC 1089 and patched up to date and healthy otherwise) so that the logging levels of LDAP and AD are set to 0. I make the registry change, close the registry, reopen, hit F5 to view the changes, they display as 0. Some time in the next 15 minutes or so I come back and check the logs and they have started logging excessively again, so I check the registry keys and they are reset back to 3 for LDAP and 5 for Directory Access. So, I do the changes again, reboot the server, check the changes and they are fine on reboot but 10-15 minutes later the log levels revert to the original values (3 and 5).
I have made a registry txt file to insert the keys and they insert fine and 15 minutes later revert. This is true on all 4 DCs. It seems as if some scheduled task or some other background process is intervening to change the diagnostic log settings back to their original values.
Since I am the person who rolled these servers and integrated them into the environment, and am the sole support for them, this should be pretty straightforward.
I thought I would reach out to the community and ask for ideas.
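
One way to identify what is rewriting the two values, shown as an added example that is not part of the original post: audit writes to the key and read the resulting Security event 4657 records, which name the writing process and account. The key path is an assumption taken from the Microsoft KB linked above (the path in the post is cut off), and the function name `Get-DiagnosticsWriter` is hypothetical.

```powershell
# Added example, not from the original post. Run in an elevated session on one DC.
# Assumption: key path as documented in the linked Microsoft KB article.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$Watched = '16 LDAP Interface Events', '8 Directory Access'

# 1. Record the current levels so a later revert can be compared against them.
Get-ItemProperty -Path $KeyPath -Name $Watched | Select-Object $Watched

# 2. Turn on success auditing for registry access. A domain audit policy GPO
#    can override this local setting at the next policy refresh.
auditpol /set /subcategory:"Registry" /success:enable | Out-Null

# 3. Add an audit (SACL) entry so every successful SetValue on the key is logged.
$acl  = Get-Acl -Path $KeyPath -Audit
$rule = New-Object System.Security.AccessControl.RegistryAuditRule(
    'Everyone', 'SetValue', 'None', 'None', 'Success')
$acl.AddAuditRule($rule)
Set-Acl -Path $KeyPath -AclObject $acl

# 4. After the values have reverted, list who wrote them (event 4657:
#    "A registry value was modified").
function Get-DiagnosticsWriter {
    param([datetime]$Since = (Get-Date).AddHours(-1))
    $filter = @{ LogName = 'Security'; Id = 4657; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the EventData name/value pairs into a hashtable.
            $data = @{}
            foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$n.Name] = $n.'#text'
            }
            # ObjectName is reported as \REGISTRY\MACHINE\SYSTEM\ControlSetNNN\...
            if ($data.ObjectName -like '*\Services\NTDS\Diagnostics' -and
                $Watched -contains $data.ObjectValueName) {
                [pscustomobject]@{
                    Time      = $_.TimeCreated
                    Value     = $data.ObjectValueName
                    Old       = $data.OldValue
                    New       = $data.NewValue
                    Process   = $data.ProcessName
                    ProcessId = $data.ProcessId   # hexadecimal in the event
                    User      = $data.SubjectUserName
                }
            }
        }
}

Get-DiagnosticsWriter | Sort-Object Time | Format-Table -AutoSize
```

Set the levels to 0, wait for the revert, then run `Get-DiagnosticsWriter`; the `Process` and `User` columns show what performed the write.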