HOW TO: Disable circular logging in Active Directory


The Windows 2000 Server and Windows Server 2003 implementations of the Active Directory database use circular logging by default. There are two 10 MB log files (and two 10 MB reserve files) used for logging database write operations. If enough transactions justify it, the database engine (Jet Blue) uses additional logs until the transactions can be verified as committed, and the extra files are then pruned back to two. It has always been said that you cannot turn this feature off. This article explains how to turn it off.

Disabling circular logging

To override the default behaviour and turn off circular logging, the following registry value needs to be modified:

Registry key: HKLM\System\CurrentControlSet\Services\NTDS\Parameters
Registry value: DSA Heuristics (REG_DWORD)
Data: 0000000100

Note. This is an undocumented, and therefore probably unsupported, value. The defaults are generally the best option. Don’t change this default unless you know why you are doing so and what the implications are.

More information on circular logging and directory write operations

Database [write] operations are written to the database as a transaction, which means that each write operation is a single unit of work performed by the database. These transactions are atomic, meaning that they either occur or they don’t - they cannot be partially completed. Transactions are written synchronously to the transaction log file and then the database. The change is first written to an in-memory copy of the object, and then to the log file. Writing the information to the log file ensures that the operation is committed even in the event of a failure, because anything written to the log file since the last checkpoint will be committed to the database as soon as possible.

The checkpoint file (EDB.CHK) records the last change to be committed to the database. If a domain controller is restored, or simply boots after a power outage, the checkpoint file is read and any transactions since the last successful commit are committed to the database from the log files. If there’s no checkpoint file, all changes in the log files are committed.

Active Directory uses two log files by default. However, if the rate of change is so high that more changes are written to the log files than can be processed (committed to the actual data store), additional log files are used. When the rate of change drops, the transactions are committed and the extra log files are pruned until there are only two again.

Note. It is very rare for there to be more than two transaction log files. It often happens in test labs where hundreds of thousands of objects are being created by code, particularly on lower-specification systems such as virtual machines, but it should never really happen in production.
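
A read-only check for the registry value and the log-file behaviour described above, as an added PowerShell example that is not part of the original article. It assumes the standard NTDS "Database log files path" registry value and the edb*.log naming of the transaction logs, neither of which is given in the article.

```powershell
# Added example, read-only: inspects the setting and the log directory, changes nothing.
# Run in an elevated PowerShell session on the domain controller.
$key    = 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters'
$params = Get-ItemProperty -Path $key -ErrorAction Stop

# Value name as given in the article. If it is absent, the default applies.
$heuristics = $params.'DSA Heuristics'
if ($null -eq $heuristics) {
    Write-Output 'DSA Heuristics: not set (default behaviour, circular logging)'
} else {
    # Show the data in decimal and hex so it can be compared with what was entered.
    Write-Output ('DSA Heuristics: {0} (0x{0:X})' -f $heuristics)
}

# Assumption: the log directory is recorded in this standard NTDS value.
$logPath = $params.'Database log files path'
if (-not $logPath -or -not (Test-Path -Path $logPath)) {
    Write-Output 'Log directory not found; cannot count transaction logs.'
    return
}

# Assumption: transaction logs are named edb.log, edb00001.log, and so on.
$logs = @(Get-ChildItem -Path $logPath -Filter 'edb*.log' | Sort-Object LastWriteTime)
Write-Output ('Log directory:    {0}' -f $logPath)
Write-Output ('Transaction logs: {0}' -f $logs.Count)
foreach ($log in $logs) {
    Write-Output ('  {0,-16} {1,7:N1} MB  {2}' -f $log.Name, ($log.Length / 1MB), $log.LastWriteTime)
}

# The article states two log files is the norm with circular logging.
if ($logs.Count -gt 2) {
    Write-Output 'More than two logs: either a commit backlog or circular logging is off.'
}
```

Run it before and after the registry change and compare the log count over time: with circular logging the count should fall back to two once the transactions are committed.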

Additional information

For additional information, please refer to the Microsoft Active Directory technical documentation:

How the data store works: http://technet2.microsoft.com/WindowsServer/en/library/54094485-71f6-4be8-8ebf-faa45bc5db4c1033.mspx?mfr=true

Document information

Author: Paul Williams
Written: 06-09-2006
Version: 2.0
Last updated: 25-07-2007
Last updated by: Paul Williams



