Recipe 16.18 Modifying the Tombstone Lifetime for a Domain

16.18.1 Problem

You want to change the default tombstone lifetime for a domain.

16.18.2 Solution

16.18.2.1 Using a graphical user interface

16.18.2.2 Using a command-line interface

Create an LDIF file called change_tombstone_lifetime.ldf with the following contents:

dn: cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,<ForestRootDN>
changetype: modify
replace: tombstoneLifetime
tombstoneLifetime: <NumberOfDays>
-

then run the following command:

> ldifde -v -i -f change_tombstone_lifetime.ldf

16.18.2.3 Using VBScript

' This code modifies the default tombstone lifetime
' ------ SCRIPT CONFIGURATION ------
intTombstoneLifetime = <NumberOfDays>
' ------ END CONFIGURATION ---------

set objRootDSE = GetObject("LDAP://RootDSE")
set objDSCont = GetObject("LDAP://cn=Directory Service,cn=Windows NT," & _
                "cn=Services," & objRootDSE.Get("configurationNamingContext") )
objDSCont.Put "tombstoneLifetime", intTombstoneLifetime
objDSCont.SetInfo
WScript.Echo "Successfully set the tombstone lifetime to " & _
             intTombstoneLifetime

16.18.3 Discussion

It is not recommended that you change this setting unless you have a very good reason. Lowering this value below the 60-day default, also lowers the length of time a backup of Active Directory is good for. See Introduction in Chapter 16 and Recipe 16.16 for more information on tombstone (deleted) objects and the tombstone lifetime.

16.18.4 See Also

Recipe 16.13 for more on the garbage collection process, MS KB 198793 (The Active Directory Database Garbage Collection Process), MS KB 216993 (Backup of the Active Directory Has 60-Day Useful Life), and MS KB 314282 (Lingering Objects May Remain After You Bring an Out-of-Date Global Catalog Server Back Online)