

How to remove netlogon.log content on all Domain Controllers within an AD domain using Orchestrator (EN)

Introduction

 

Netlogon.log is a log file that exists on all Domain Controllers and is used to monitor the activity level of Active Directory or to investigate problems.

 

The netlogon.log file uses circular logging: when netlogon.log reaches approximately 20 MB (this is a default value that can be changed), it is renamed to netlogon.bak. If a file named netlogon.bak already exists, it is overwritten. This process controls the size of the log file by setting a maximum value. However, an AD administrator might need to remove netlogon.log content immediately on all Domain Controllers to get only new events (for example, an AD administrator may want to see only events about missing AD subnets after making corrections).

 

This article shows how netlogon.log content can be removed on all Domain Controllers within an AD domain.

 

 

 

How to remove netlogon.log content

 

To remove netlogon.log content on a Domain Controller, do the following:

  • Stop the Netlogon service
  • Remove the netlogon.log file
  • Start the Netlogon service

When the Netlogon service is started, a new empty netlogon.log file is created.
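
The same stop / remove / start sequence as a PowerShell script, added here as an example and not part of the original article or its Runbooks; it goes beyond the three steps by looping over every Domain Controller, keeping a timestamped copy of the old log for later investigation, and restarting Netlogon even if the removal fails. Assumptions: the ActiveDirectory module and PowerShell remoting are available, the log is at its default location `%SystemRoot%\debug\netlogon.log`, and the function name `Reset-NetlogonLog` and archive folder `C:\NetlogonArchive` are hypothetical.

```powershell
# Added example (not from the original article). Assumes the ActiveDirectory
# module (RSAT) and PowerShell remoting to each Domain Controller.
Import-Module ActiveDirectory

function Reset-NetlogonLog {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        # Hypothetical archive folder on each DC; created if missing.
        [string] $ArchiveDir = 'C:\NetlogonArchive'
    )
    Invoke-Command -ComputerName $ComputerName -ArgumentList $ArchiveDir -ErrorAction Stop -ScriptBlock {
        param($ArchiveDir)
        # Default netlogon.log location on a Domain Controller.
        $log = Join-Path $env:SystemRoot 'debug\netlogon.log'
        $archived = $null
        Stop-Service -Name Netlogon -ErrorAction Stop
        try {
            if (Test-Path -LiteralPath $log) {
                New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null
                $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
                $archived = Join-Path $ArchiveDir "netlogon-$stamp.log"
                Copy-Item -LiteralPath $log -Destination $archived -ErrorAction Stop
                Remove-Item -LiteralPath $log -ErrorAction Stop
            }
        }
        finally {
            # Always restart Netlogon so the DC is not left unable to service logons.
            Start-Service -Name Netlogon -ErrorAction Stop
        }
        [pscustomobject]@{
            Archived = $archived
            Netlogon = (Get-Service -Name Netlogon).Status.ToString()
        }
    }
}

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Reset-NetlogonLog -ComputerName $dc.HostName
    }
    catch {
        # Record the failure and continue with the next Domain Controller.
        [pscustomobject]@{ PSComputerName = $dc.HostName; Archived = $null
                           Netlogon = "FAILED: $($_.Exception.Message)" }
    }
}
$results | Format-Table PSComputerName, Archived, Netlogon -AutoSize
```

Any row whose Netlogon column is not `Running` identifies a Domain Controller that needs manual attention before the run is considered complete.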

 

 

 

How to use Orchestrator to remove netlogon.log content on all Domain Controllers within an AD Domain

 

To use Orchestrator to remove netlogon.log content on all Domain Controllers within an AD Domain, all you need are Orchestrator Runbooks that:

  • Identify the list of Domain Controllers within an AD Domain
  • Process the service start / stop and file removal operations on each Domain Controller

The Runbooks can be configured to run on demand or periodically. This article shows how to create Runbooks that are launched on demand.

 

 

 

Configuration of Orchestrator

 

You will need to have two Runbooks to process netlogon.log content removal on all Domain Controllers within an AD Domain:

  • A Runbook to get the list of Domain Controllers within an AD Domain
  • A Runbook to stop the Netlogon service, remove the netlogon.log file and then start the Netlogon service

Let’s start with the second Runbook. You will need to use four (4) activities:

  • Initialize Data: It will allow the Runbook to take the Domain Controller name as input

  

  

  • Start/Stop Service: It will stop the Netlogon service on the Domain Controller specified as input in the previous activity

 

 

  

 

  • Start/Stop Service: It will start the Netlogon service on the Domain Controller

 

 

Below is a screen capture of all the activities included in the second Runbook:

 

 

Once you have created the second Runbook, you can proceed with the creation of the first one. You will need to use two (2) activities:

 

  

  • Invoke Runbook: It will allow you to run the second Runbook and to provide the host name of every Domain Controller in the Domain as input.

  

 

Below is a screen capture of all the activities included in the first Runbook:

 

 

 

 

Conclusion

 

This article shares a way to remove netlogon.log content on all Domain Controllers within an AD Domain. The described Runbooks can be launched when an AD administrator needs to initiate the removal of netlogon.log content on Domain Controllers and will automatically process all the required operations / changes.