Active Directory is complex. One can begin to have problems which are difficult to diagnose. You can enable enhanced logging for many AD components and events:

• Knowledge Consistency Checker
• Inialization/Termination
• Service Control
• Name Resolution
• Backup
• LDAP Interface Events
• Global Catalog
• Inter-site Messaging
• Security Events
• ExDS Interface Events
• MAPI Interface Events
• Replication Events
• Directory Access

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\NTDS
Name: Diagnostics
Type: REG_DWORD
Set Diagnostics=5 for maximum logging, Diagnostics=3 for medium logging, Diagnostics=1 for minimal logging, and Diagnostics=0 for no verbose AD logging. Be careful with the more verbose settings, they will consume resources but if you have problems, this information can be invaluable. Reset to none or minimal once the problem has been resolved to return to maximum performance levels.

Keywords: Windows 2000 Registry Tip, Control enhanced event logging for Active Directory, event logs, kcc logging, name resolution event logging, ldap logging, global catalog monitoring, logging