Monday 15 August 2016

Enable verbose AD login / authentication logging with Server 2003/2008/2012

I came across the following article while troubleshooting some locked-out accounts. Of course, auditing of failed authentication attempts can be enabled on the DC with group policy, but in some cases the source information is missing from those events. Verbose Netlogon logging can be enabled by issuing the following command on the DC:

Nltest /DBFlag:2080FFFF

This enables verbose logon logging, which is written to:

%windir%\debug\netlogon.log

If this file does not appear shortly afterwards, it may be necessary to restart the Netlogon service:

net stop netlogon

net start netlogon

When you are finished you can disable the verbose logging with:

Nltest /DBFlag:0x0

and again it may be necessary to restart the Netlogon service:

net stop netlogon

net start netlogon
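The following PowerShell is an added example, not code from the original post: it wraps the nltest and service-restart steps above in two functions and then parses the resulting netlogon.log to list failed logons by account and source workstation, which is exactly the source information that the group-policy audit events sometimes lack. It assumes it is run in an elevated prompt on the DC, that the log sits at `%windir%\debug\netlogon.log` as stated above, and that the log lines follow the Netlogon debug format; the sample lines at the end are constructed for illustration, and the account, workstation and DC names in them are made up.

```powershell
# Added example (not from the original post). Assumptions: elevated prompt on the DC,
# log path %windir%\debug\netlogon.log, and the standard Netlogon debug line format.

function Enable-NetlogonDebug {
    # 2080FFFF is the flag value from the post; restart Netlogon so logging starts promptly.
    nltest /DBFlag:2080FFFF | Out-Null
    Restart-Service -Name Netlogon -Force
}

function Disable-NetlogonDebug {
    # Clear the flag and restart the service again, as the post describes.
    nltest /DBFlag:0x0 | Out-Null
    Restart-Service -Name Netlogon -Force
}

# Standard NTSTATUS values that appear at the end of Netlogon "Returns" lines.
$script:StatusReason = @{
    '0x0'        = 'Success'
    '0xC000006A' = 'Wrong password'
    '0xC0000234' = 'Account locked out'
    '0xC0000064' = 'No such user'
    '0xC0000072' = 'Account disabled'
}

function Get-NetlogonFailure {
    param(
        # Defaults to the live log; pass -Lines to parse captured text instead.
        [string[]] $Lines = (Get-Content "$env:windir\debug\netlogon.log")
    )
    # Only "Returns" lines carry the outcome; "Entered" lines for the same logon are skipped.
    $pattern = '^(?<time>\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[LOGON\] .*?SamLogon: (?<kind>.+?) logon of ' +
               '(?<account>\S+) from (?<source>\S+)(?: \(via (?<via>[^)]+)\))? Returns (?<status>0x[0-9A-Fa-f]+)'
    foreach ($line in $Lines) {
        if ($line -match $pattern -and $Matches.status -ne '0x0') {
            $status = $Matches.status
            [pscustomobject]@{
                Time    = $Matches.time
                Kind    = $Matches.kind
                Account = $Matches.account
                Source  = $Matches.source   # the workstation the attempt came from
                Via     = $Matches.via      # forwarding DC for transitive logons, if any
                Status  = $status
                Reason  = if ($script:StatusReason.ContainsKey($status)) { $script:StatusReason[$status] } else { 'Unknown' }
            }
        }
    }
}

# Constructed sample lines in the Netlogon debug format (names are made up).
$sample = @'
08/15 09:12:01 [LOGON] [1234] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\jsmith from WS-0042 (via DC01) Returns 0xC000006A
08/15 09:12:03 [LOGON] [1234] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\jsmith from WS-0042 (via DC01) Returns 0xC000006A
08/15 09:12:05 [LOGON] [1234] CONTOSO: SamLogon: Network logon of CONTOSO\jsmith from WS-0042 Returns 0xC0000234
08/15 09:12:09 [LOGON] [1234] CONTOSO: SamLogon: Network logon of CONTOSO\asmith from WS-0107 Returns 0x0
'@ -split "`r?`n"

# Summarise failures per account and source workstation, with the reasons seen.
Get-NetlogonFailure -Lines $sample |
    Group-Object Account, Source |
    Select-Object Count, Name, @{ n = 'Reasons'; e = { ($_.Group.Reason | Sort-Object -Unique) -join ', ' } }
```

On a real DC, call `Enable-NetlogonDebug`, reproduce the lockout, then run `Get-NetlogonFailure` with no arguments to read the live log; the grouping shows which workstation is repeatedly sending the bad credential for the locked-out account. Remember to run `Disable-NetlogonDebug` afterwards, since the verbose log grows quickly.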
