The tombstone lifetime in an Active Directory forest determines how long a deleted object, also known as a 'tombstone', is retained in Active Directory. The tombstone lifetime is determined by the value of the tombstoneLifetime attribute on the Directory Service object in the configuration directory partition.
Tombstone lifetime assists in removing objects from replicated servers and in preventing restores from reintroducing a deleted object. When an object is deleted from Active Directory, it is not physically removed from the directory for some days. Instead, Active Directory sets the 'isDeleted' attribute of the deleted object to TRUE and moves it to a special container called 'Tombstone'.
- The default tombstone lifetime period is 60 days in Windows Server 2003.
- The default tombstone lifetime period was changed to 180 days in Windows Server 2003 SP1 and later.
The tombstone lifetime value is the same on all domain controllers, and a tombstone is deleted from all the servers at the same time. This is because the expiration of a tombstone is based on the time when the object was logically deleted from Active Directory, rather than the time when it was received as a tombstone on a server through replication.
Reconfiguring Tombstone Lifetime:
As I mentioned earlier, the default tombstone lifetime period is 180 days in Windows Server 2003 SP2 or later. This is because the value of tombstoneLifetime object is
The default tombstone lifetime can be modified through the ADSIEDIT console, if necessary. But I would like to remind you that a longer tombstone lifetime decreases the chance that a deleted object remains in the local directory of a disconnected DC beyond the time when the object is permanently deleted from online DCs.
This attribute is located in the path below:
cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=
To change the value, go to:
Run > ADSIEDIT.msc
Expand: Configuration > CN=Configuration > CN=Services > CN=Windows NT > and right-click on CN=Directory Service
You will get an attribute window. Drill down to tombstoneLifetime and double-click it. You will get a field for the value; type the value you intend and click OK.
The picture below will help you reach the correct object.
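
A scripted equivalent of the ADSIEDIT steps above, as an added PowerShell example that is not part of the original post: it reads tombstoneLifetime, lists replication links whose last success is older than that lifetime (the disconnected-DC case mentioned earlier), and changes the value on request. It assumes the ActiveDirectory RSAT module; the function names are hypothetical, and treating an unset attribute as 60 days is an assumption based on documented AD behaviour.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

function Get-DirectoryServiceDn {
    # Derive the configuration partition from RootDSE instead of hard-coding dc=...
    $configNC = (Get-ADRootDSE).configurationNamingContext
    "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
}

function Get-TombstoneLifetime {
    $dn  = Get-DirectoryServiceDn
    $raw = (Get-ADObject -Identity $dn -Properties tombstoneLifetime).tombstoneLifetime
    [pscustomobject]@{
        DistinguishedName = $dn
        ConfiguredDays    = $raw
        # Assumption: an unset attribute means the 60-day built-in default applies.
        EffectiveDays     = if ($null -eq $raw) { 60 } else { [int]$raw }
    }
}

function Find-StaleReplicationLink {
    # Links with no successful replication inside the tombstone lifetime point to a
    # DC that may still hold objects its partners have already garbage-collected.
    param([Parameter(Mandatory)][int]$LifetimeDays)
    $cutoff = (Get-Date).AddDays(-$LifetimeDays)
    Get-ADReplicationPartnerMetadata -Target (Get-ADForest).Name -Scope Forest |
        Where-Object { $_.LastReplicationSuccess -lt $cutoff } |
        Select-Object Server, Partner, Partition, LastReplicationSuccess
}

function Set-TombstoneLifetime {
    # Same change as the ADSIEDIT procedure; prompts unless -Confirm:$false is given.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][ValidateRange(1, [int]::MaxValue)][int]$Days)
    $dn = Get-DirectoryServiceDn
    if ($PSCmdlet.ShouldProcess($dn, "Set tombstoneLifetime to $Days days")) {
        Set-ADObject -Identity $dn -Replace @{ tombstoneLifetime = $Days }
    }
}

$current = Get-TombstoneLifetime
$current
Find-StaleReplicationLink -LifetimeDays $current.EffectiveDays
# Preview a change without writing it:
# Set-TombstoneLifetime -Days 180 -WhatIf
```

Any row returned by Find-StaleReplicationLink is worth investigating before the affected DC is allowed to replicate again.
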
For further reading on tombstone lifetime, I recommend the Microsoft links below: