Active Directory MVP Brian Desmond just posted a great blog entry which describes the generic registry settings he makes on a new Domain Controller.
The ones which are particularly important for any Domain Admin are the diagnostic logging settings for the Active Directory services. Any dedicated admin should keep a watchful eye on their DCs and know exactly what is going on with them. Making effective use of Diagnostic Logging is one of the best ways you can do this. By default, only errors are logged by Active Directory, something which isn’t useful for day-to-day monitoring and administration.
In the above linked blog post, Brian adds a line to ensure Active Directory logs the white space available in the database (also known as ‘the DIT file’ – from NTDS.DIT) after Garbage Collection does its work and removes objects permanently from the database. For any Exchange Server admin, you will be familiar with the concept of white space in the databases. The Active Directory DIT file uses the ESE storage engine in the same way as Exchange does, meaning white space is also left in the Active Directory database as objects are removed.
There are a few Microsoft support sites which explain all the diagnostic logging settings (there are several) in more detail, how to enable each setting and set the logging level. I’d suggest you take a look at this one to begin with: http://technet.microsoft.com/en-us/library/cc961809.aspx.
Happy Diagnostic Logging!
