Can I change the type of logging that Active Directory (AD) uses?

A. First, let me explain the AD logging process. AD uses an Extensible Storage Engine (ESE) instance named ntds.dit. As with most resilient databases, transaction log files are used for the initial physical write of changes, which are then applied to the database file when the system has lulls in activity. You can configure transaction logs to be circular, which means as transactions are committed to the database the older log file is automatically deleted. Without circular logging, the transaction files are kept until an action (e.g., a full backup) forces them to be deleted. (Non-circular logging is recommended for ESE instances that Microsoft Exchange Server uses.)

The AD log file is named edb.log and is set at 10MB in size. When the file is full, AD creates a new log file (e.g., edb00001.log--the number increments in hexadecimal). After all transactions in the old log file are committed, AD deletes the file's contents, and can reuse it. In reality, only edb.log is written to. If edb.log is full, a new log file, Edbtemp.log, is created; the current edb.log file is renamed to edbnnnnn.log (e.g., Edb00001.log); and edbtemp.log is renamed to edb.log. After the contents of edb00001.log are written to the database, edb00001.log is deleted.

In addition, the files res1.log and res2.log, which are also 10MB, reserve disk space in case the system disk is full and more transactions need to be written. In such cases, one of the reservation files is renamed and used. You might also see a temp.edb file, which is a spare place to store information about current transactions and for compaction purposes.

Finally, a checkpoint file (edb.chk) records each transaction that has been written to the database from the transaction logs and is used if transaction logs must be "replayed" after an unclean shutdown.

Because AD is a multimaster database with copies of the data on multiple servers, circular logging is the most efficient logging mechanism. Currently you can't turn off circular logging for an AD instance.

TAGS: Windows 8
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.