Understanding tombstone life time
As like you know each component in Active directory is called as objects, each deleted object usually called as tombstone. And the tombstone lifetime determines the time period that which the deleted objects holds on the directory service. Hence make sure that you will have necessary tombstone lifetime in your network which will help you in backup and restore process. In windows server 2003 it is 60 days and in 2008/R2 it is set to 180 days by default.
How to edit tombstone lifetime
1. In order to do the same open ADSIEDIT from ‘Administrative tools’
Start->Administrative tools->ADSI Edit
OR you can open it to using run command also.Start-> Run-> Type ‘adsiedit.msc’ and press enter.
2. Now you can have minimal function window of ADSIEDIT windows. Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. You can use this service to query, view and edit each attributes of active directory. The typical window looks like,
3. From this window you need to connect to your configuration level that you required to view or edit. So right click on ‘ADSI Edit’ and select ‘Connect to’, since tombstone life time need to be edited in configuration level under ‘Connection Point’ make the ‘Select a well-known Naming Context’ as ‘configuration’ and press ‘OK’.
4. If you want to connect to a different domain controller from this server (computer), under ‘Computer’ click ‘Select or type a domain or server: (Server | Domain [:port])’. Provide the server name or the domain name and Lightweight Directory Access Protocol (LDAP) port (389), and then click ‘OK’.
5. Now you can see that you are connected to your domain configuration level and in order to expand the levels of it you need to double click on it.
Now double click on ‘Configuration, CN=Configuration, DC=ForestRootDomainName(Your forest root domain name). In order to edit tombstone lifetime double click on these values CN=Services, and CN=Windows NT. Once you are here select ‘CN=Directory services’ and right click on it->Properties.
6. Once you selected the properties you can see all the attributes of your particular directory service. Scroll down to the Attribute editor tab and you can see the attribute ‘tombstonelifetime’ (Default values of tombstone lifetime changes as per the OS and it is specified in top of this article).
7. Double click on tombstonelifetime and edit the value as required for you (The value determines in number of days)-> Press OK.
8. Click on Apply and OK buttons to complete this operation.
9. That’s it the steps to edit tombstone lifetime on a windows server.
Feel free to post your comments and queries…J