Active Directory

Can I disable the circular logging method in Active Directory?

Actually you do NOT need to do anything…

Windows 2000/2003 Active Directory uses circular logging for maintaining transactions in the database (Ntds.dit). The log files are maintained until the data they contain is committed to the database. It uses these log files to recover transactions if the database is shut down in an inconsistent state (for example, as a result of a power failure or a blue-screen error message).

In Windows 2000 and Windows Server 2003, there is currently no way to disable or turn off circular logging.

With Microsoft Exchange, Microsoft currently recommends that administrators turn circular logging off, or never turn it on in the first place (unless the server is used as a front-end server). In Windows 2000/2003, this is not the case.

There is no documented or supported way to disable this feature in Windows 2000/2003. Because of the redundancy built into Active Directory with multiple domain controllers within a given organization and domain, Windows 2000/2003 has been optimized to use circular logging. Administrators should be able to successfully recover a domain controller with a solid backup strategy and at least one replica domain controller per domain in the organization.

When Windows 2000/2003 performs a database write operation, it records the transaction in a log file and shortly thereafter writes the transaction to memory. When the system has time or at system shutdown, the transactions are written to the database file.

Windows 2000/2003 records the transaction in the current log file (Edb.log), which is 10 megabytes (MB) in size. When it fills the current file, it creates a new log file (for example, Edb00001.log). The log files continue to be incremented, but circular logging purges the oldest file when the transactions within the log have been committed to the database. There are also two reserve log files named Res1.log and Res2.log. These files are used as placeholders in the event that the system runs out of disk space. Each file is also 10 MB in size.

Windows 2000/2003 also maintains a checkpoint file (Edb.chk) that records which transactions within the log have been committed to the database. If the computer stops responding (hangs), Extensible Storage Engine (ESE) can detect an improper shutdown by checking the last log recorded. If the last record is not a “shutdown” record, it replays the logs from the checkpoint. This event occurs at the first reboot after the system is shut down improperly. If the checkpoint file is missing for any reason, every transaction within the log file is replayed.
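The log, checkpoint and replay behavior described above can be followed in a small model. This is an added example, not Microsoft or ESE code: the class name, the four-record log capacity and the `<shutdown>` marker are assumptions made for illustration, and the reserve logs are left out.

```python
LOG_CAPACITY = 4          # records per log file (toy stand-in for the 10 MB file size)
SHUTDOWN = "<shutdown>"   # marker written as the last record on a clean shutdown

class CircularLogStore:   # hypothetical name; a model, not the ESE implementation
    def __init__(self):
        self.logs = {1: []}        # generation number -> records in that log file
        self.current = 1           # generation being written (the Edb.log role)
        self.database = []         # transactions committed to the database file
        self.checkpoint = (1, 0)   # first uncommitted (generation, offset); the Edb.chk role

    def write(self, record):
        """Log a record, starting a new log file when the current one is full."""
        if len(self.logs[self.current]) == LOG_CAPACITY:
            self.current += 1
            self.logs[self.current] = []
        self.logs[self.current].append(record)

    def _records_from(self, start):
        """Return every (generation, offset, record) at or after `start`, in order."""
        return [(g, o, r) for g in sorted(self.logs)
                for o, r in enumerate(self.logs[g]) if (g, o) >= start]

    def flush(self):
        """Commit logged records, advance the checkpoint, purge fully committed logs."""
        for gen, off, rec in self._records_from(self.checkpoint):
            self.database.append(rec)
            self.checkpoint = (gen, off + 1)
        for gen in [g for g in self.logs if g < self.checkpoint[0]]:
            del self.logs[gen]     # circular logging: only committed files are purged

    def shutdown(self):
        """Clean shutdown: commit everything, then write the shutdown record."""
        self.flush()
        self.write(SHUTDOWN)

    def recover(self, checkpoint_present=True):
        """Replay after a restart; return the records that were replayed."""
        tail = self.logs[self.current]
        if tail and tail[-1] == SHUTDOWN:
            return []              # last record is a shutdown record: nothing to replay
        # Without the checkpoint file, every record still in the logs is replayed.
        start = self.checkpoint if checkpoint_present else (min(self.logs), 0)
        replayed = [rec for _, _, rec in self._records_from(start)]
        for rec in replayed:
            if rec not in self.database:   # toy idempotence check (records are unique)
                self.database.append(rec)
        return replayed
```

Writing six records, flushing, then writing four more and calling `recover()` replays only the last four, while `recover(checkpoint_present=False)` replays all six records still held in the remaining logs; the database ends up identical in both cases.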


Circular Logging for Active Directory – 247715

Enabling or Disabling Circular Logging in Exchange 2000 – 147523

Ntbackup.exe Does Not Truncate Active Directory Logs During a System-State Backup – 272425
