How to Configure Active Directory Diagnostic Event Logging

open a command prompt and open regedit

Navigate to registry key:

Each entry that is displayed in the right pane of the Registry Editor window represents a type of event that Active Directory can log. All entries are set to the default value of 0 (None).

Configure event logging for component you wish to monitor for more detail:
double-click the entry that represents the type of event for which you want to log. For example, Security Events.

Change the value for the logging level from zero to the log level you desire.

Logging levels:
0 (None): Only critical events and error events are logged at this level. This is the default setting for all entries, and it should be modified only if a problem occurs that you want to investigate.

1 (Minimal): Very high-level events are recorded in the event log at this setting. Events may include one message for each major task that is performed by the service. Use this setting to start an investigation when you do not know the location of the problem.

2 (Basic)

3 (Extensive): This level records more detailed information than the lower levels, such as steps that are performed to complete a task. Use this setting when you have narrowed the problem to a service or a group of categories.

4 (Verbose)

5 (Internal): This level logs all events, including debug strings and configuration changes. A complete log of the service is recorded. Use this setting when you have traced the problem to a particular category of a small set of categories.

This works for Windows 2000, 2003, 2008