Can I disable the circular logging method in Active Directory?

Posted on January 7, 2009 by Daniel Petri in Active Directory with 0 Comments

Actually you do NOT need to do anything…

Windows 2000/2003 Active Directory uses circular logging for maintaining transactions in the database (Ntds.dit). The log files are maintained until the data they contain is committed to the database. It uses these log files to recover transactions if the database is shut down in an inconsistent state (for example, as a result of a power failure or a blue-screen error message).


In Windows 2000 and Windows Server 2003, there is currently no way to disable or turn off circular logging.

With Microsoft Exchange, Microsoft currently recommends that administrators turn this feature off, or never turn it on in the first place (unless the server is used as a Front end server). In Windows 2000/2003, this is not the case.

There is no documented or supported way to disable this feature in Windows 2000/2003. Because of the redundancy built into Active Directory with multiple domain controllers within a given organization and domain, Windows 2000/2003 has been optimized to use circular logging. Administrators should be able to successfully recover a domain controller with a solid backup strategy and at least one replica domain controller per domain in the organization.

When Windows 2000/2003 performs a database write operation, it records the transaction in a log file and shortly thereafter writes the transaction to memory. When the system has time or at system shutdown, the transactions are written to the database file.

Windows 2000/2003 records the transaction in the current log file (Edb.log), which is 10 megabytes (MB) in size. When it fills the current file, it creates a new log file (for example, Edb00001.log). The log files continue to be incremented, but circular logging purges the oldest file when the transactions within the log have been committed to the database. There are also two reserve log file named Res1.log and Res2.log. These files are used as placeholders in the event that the system runs out of disk space. Each file is also 10 MB in size.

Windows 2000/2003 also maintains a checkpoint file (Edb.chk) that records which transactions within the log have been committed to the database. If the computer stops responding (hangs), Extensible Storage Engine (ESE) can detect an improper shutdown by checking the last log recorded. If the last record is not a “shutdown” record, it replays the logs from the checkpoint. This event occurs at the first reboot after the system is shut down improperly. If the checkpoint file is missing for any reason, every transaction within the log file is replayed.


Circular Logging for Active Directory – 247715

Enabling or Disabling Circular Logging in Exchange 2000 – 147523

Ntbackup.exe Does Not Truncate Active Directory Logs During a System-State Backup – 272425