15.11. Using Perfmon Trace Logs to Monitor AD

Problem

You want to enable Perfmon Trace Logs to view system-level calls related to Active Directory.

Solution

  1. Open the Performance Monitor.

  2. In the left pane, expand Performance Logs and Alerts.

  3. Right-click on Trace Logs and select New Log Settings.

  4. Enter a name for the log and click OK.

  5. Click the Add button.

  6. Highlight one or more of the Active Directory providers and click OK.

  7. Use the tabs to configure additional settings about the log.

  8. When you are done, click OK.

  9. Unless you’ve scheduled it to run at a different time, the trace log you created should show up in the right pane next to a green icon, which indicates it is running.

  10. To stop the Trace Log, right-click on it in the right pane and select Stop.

  11. Now open up a command shell (cmd.exe).

  12. Use cd to change into the directory where the trace log files are stored (c:\perflogs by default).

  13. Run the following command:

    > tracerpt <LogFileName>

This command is available by default with Windows Server 2003. On Windows 2000, you’ll need to use the Resource Kit utility called tracedmp.exe.

The tracerpt command generates a summary.txt file that summarizes all of the events by total. A second file called dumpfile.csv is created that can be imported into Excel or viewed with a text viewer to show the details of each event.
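Once tracerpt has written dumpfile.csv, the rows can be rolled up the same way summary.txt does, and Start/End pairs can be matched to find slow operations. The script below is an added example, not code from the book; the column layout (Event Name, Type, TID, Clock-Time, Kernel(ms), User(ms), User Data), the 100-ns unit of Clock-Time, and the event names in the sample rows are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample in the layout tracerpt's dumpfile.csv is assumed to use.
# Event names and values are placeholders, not output from a real AD provider;
# check the header line of a real dumpfile.csv before relying on column order.
SAMPLE_DUMPFILE = """\
Event Name, Type, TID, Clock-Time, Kernel(ms), User(ms), User Data
EventTrace, Header, 0x00000AF4, 127329836512250000, 0, 0, 0x00010000
DsLdapSearch, Start, 0x00000B10, 127329836512260000, 15, 0, "CN=Users,DC=example,DC=com"
DsLdapBind, Start, 0x00000B14, 127329836512262000, 0, 0, "CN=svc-backup,CN=Users,DC=example,DC=com"
DsLdapSearch, End, 0x00000B10, 127329836512290000, 15, 0, "0"
DsLdapBind, End, 0x00000B14, 127329836512263000, 0, 0, "0"
DsLdapSearch, Start, 0x00000B18, 127329836512300000, 0, 0, "DC=example,DC=com"
DsLdapSearch, End, 0x00000B18, 127329836512301500, 0, 0, "0"
"""


def parse_rows(text):
    """Yield (event_name, type, tid, clock_time) per data row; skips the header."""
    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    next(reader)  # header line
    for row in reader:
        if len(row) < 4 or not row[0].strip():
            continue
        yield row[0].strip(), row[1].strip(), row[2].strip(), int(row[3])


def tally_events(text):
    """Count rows per (event name, type), the same totals summary.txt reports."""
    return Counter((name, typ) for name, typ, _, _ in parse_rows(text))


def durations_ms(text):
    """Pair each Start with the next End for the same event name and thread.
    Clock-Time is assumed to be in 100-ns ticks, so 10,000 ticks = 1 ms."""
    open_starts = {}
    result = defaultdict(list)
    for name, typ, tid, clock in parse_rows(text):
        key = (name, tid)
        if typ == "Start":
            open_starts[key] = clock
        elif typ == "End" and key in open_starts:
            result[name].append((clock - open_starts.pop(key)) / 10_000)
    return dict(result)


def slow_operations(text, threshold_ms):
    """Return (event name, duration ms) for operations at or above the threshold."""
    return [(name, d) for name, ds in durations_ms(text).items()
            for d in ds if d >= threshold_ms]
```

Run it against a real dumpfile.csv by reading the file into `text`; an unmatched Start (an operation still running when the log was stopped) is simply left out of the durations.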

Discussion

Trace Logs capture detailed system- and application-level events. Applications support Trace Log capability by developing a Trace Log Provider. Active Directory supports several providers ...
