Active Directory Diagnostics@%systemroot%\system32\ntdsperf.dll,#2000Active Directory Diagnostics@%systemroot%\system32\ntdsperf.dll,#2001300%systemdrive%\perflogs\ADDS1yyyyMMdd\-NNNNNT KernelNtKernelNT Kernel Logger164200{9E814AAD-3204-11D2-9A82-006008A86939}0x000103031Active DirectoryActive Directory641200Active Directory: Kerberos KDC00Events up to this level are enabled10-10x0Events with any of these keywords are enabled20x0Events with all of these keywords are enabled20x0These additional data fields will be collected with each event20sidSecurity Identifier00x1sessionidSession Identifier00x2{24DB8964-E6BC-11D1-916A-0000F8045B04}Active Directory: Kerberos Client00Events up to this level are enabled10-10x0Events with any of these keywords are enabled20x0Events with all of these keywords are enabled20x0These additional data fields will be collected with each event20sidSecurity Identifier00x1sessionidSession Identifier00x2{BBA3ADD2-C229-4CDB-AE2B-57EB6966B0C4}Active Directory Domain Services: Core00Events up to this level are enabled10-10x0Events with any of these keywords are enabled20x0Events with all of these keywords are enabled20x0These additional data fields will be collected with each event20sidSecurity Identifier00x1sessionidSession Identifier00x2{1C83B2FC-C04F-11D1-8AFC-00C04FC21914}Active Directory Domain Services: SAM00Events up to this level are enabled12-10x0Events with any of these keywords are enabled20x0Events with all of these keywords are enabled20x0These additional data fields will be collected with each event20sidSecurity Identifier00x1sessionidSession Identifier00x2{8E598056-8993-11D2-819E-0000F875A064}NTLM Security Protocol00Events up to this level are enabled10-10x0Events with any of these keywords are enabled20x0Events with all of these keywords are enabled20x0These additional data fields will be collected with each event20sidSecurity Identifier00x1sessionidSession Identifier00x2{C92CF544-91B3-4DC0-8E11-C580339A0BF8}Local Security Authority (LSA)00Events up to this level are enabled10-10x0Events with any of these keywords are enabled20x0Events with all of these keywords are enabled20x0These additional data fields will be collected with each event20sidSecurity Identifier00x1sessionidSession Identifier00x2{cc85922f-db41-11d2-9244-006008269001}Performance Counter3\Process(*)\*\DirectoryServices(*)\*\PhysicalDisk(*)\*\Processor(*)\*\Memory\*\System\*\Server\*\Network Interface(*)\*\UDPv4\*\TCPv4\*\IPv4\*\UDPV6\*\TCPv6\*\IPv6\*AD Registry-1HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ldap\ldapclientIntegrityHKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kdc\MaxDatagramReplySizeHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\DSA HeuristicsHKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\RID Values\RID Block SizeHKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Schema Update AllowedHKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpWindowSizeHKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Tcp1323OptsHKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\MaxHashTableSizeHKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\NumTcbTablePartitionsHKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort-1-1200102410000130568016826report.html