AD WS diagnostic logging


I promised to get back to the AD WS topic, so here I am. My last post was about how a client locates an Active Directory Web Services (AD WS) instance. When a client locates the service, it is in most cases in order to do something with it: query, update, and so on. But what if something goes wrong and we want to troubleshoot it? Of course there is always network traffic analysis, but there is also an AD WS debug logging mechanism that can be used for this. All you need to do is turn it on. How?


AD WS is a web service written in WCF and installed on every Windows Server 2008 R2-based DC. It is also available as the AD Management Gateway option for Windows Server 2003 and Windows Server 2008. The service has its own configuration stored in a file named Microsoft.ActiveDirectory.WebServices.exe.config, placed in the AD WS installation folder (%WINDIR%\ADWS by default).

Configuration parameters are described on these TechNet pages; however, information about the diagnostic logging option is missing there. To configure this mechanism, edit the configuration file and add the following entry to the <appSettings> section:

<add key="DebugLevel" value="<log_level>" />

where log_level can be one of the following values: None, Error, Warn or Info. Info is the highest debug level; it logs full debug information and also the communication exchange between clients and the service. To configure where the debug information is stored, add the following key to the config file:

<add key="DebugLogFile" value="<path to log file>" />

I think that the options in this case are self-explanatory. The final configuration might look something like this:

<add key="DebugLevel" value="Info" />
<add key="DebugLogFile" value="C:\ADWSLog\Adws_trace_log.txt" />

After making these changes in the configuration file, restart the service to make them take effect.

This change has to be made in each instance's configuration separately. That may be no more than a file copy operation, depending on your environment.
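One way to script these steps on a single DC, as an added example that is not from the original post: it backs up the config file, sets both keys without creating duplicate entries, and restarts the service. The service name ADWS and the need to create the log folder beforehand are assumptions not stated in the post.

```powershell
# Added example: enable AD WS diagnostic logging on the local DC (run elevated).
param(
    [ValidateSet('None', 'Error', 'Warn', 'Info')]
    [string]$DebugLevel = 'Info',
    [string]$DebugLogFile = 'C:\ADWSLog\Adws_trace_log.txt'   # path used in the post
)

$ErrorActionPreference = 'Stop'
$configPath = Join-Path $env:WINDIR 'ADWS\Microsoft.ActiveDirectory.WebServices.exe.config'

# Keep a timestamped copy so the change can be rolled back.
$backup = '{0}.{1}.bak' -f $configPath, (Get-Date -Format 'yyyyMMddHHmmss')
Copy-Item -Path $configPath -Destination $backup

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($configPath)

# Reuse the existing <appSettings> section; create one only if it is missing.
$appSettings = $xml.SelectSingleNode('/configuration/appSettings')
if ($appSettings -eq $null) {
    $appSettings = $xml.CreateElement('appSettings')
    [void]$xml.DocumentElement.AppendChild($appSettings)
}

# Update a key in place if present, so reruns never add a second entry.
function Set-AppSetting([string]$Key, [string]$Value) {
    $node = $appSettings.SelectSingleNode("add[@key='$Key']")
    if ($node -eq $null) {
        $node = $xml.CreateElement('add')
        $node.SetAttribute('key', $Key)
        [void]$appSettings.AppendChild($node)
    }
    $node.SetAttribute('value', $Value)   # attribute names are case-sensitive
}

Set-AppSetting 'DebugLevel' $DebugLevel
Set-AppSetting 'DebugLogFile' $DebugLogFile

# Assumption: the service does not create the log folder itself.
$logDir = Split-Path -Path $DebugLogFile -Parent
if (-not (Test-Path $logDir)) { [void](New-Item -ItemType Directory -Path $logDir) }

$xml.Save($configPath)
Restart-Service -Name ADWS   # the post notes a restart is needed for the change to apply
```

Running the same script with `-DebugLevel None` turns logging back off once troubleshooting is done.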

One thing to remember: there is no such thing as a free debug operation. It always has some performance cost attached. I don't know what this cost is in the AD WS case, but always consider it when you decide to use it, especially in Info mode…