16.18.1 ProblemYou want to change the default tombstone lifetime for a domain. 16.18.2 Solution16.18.2.1 Using a graphical user interface
16.18.2.2 Using a command-line interfaceCreate an LDIF file called change_tombstone_lifetime.ldf with the following contents: dn: cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,<ForestRootDN> changetype: modify replace: tombstoneLifetime tombstoneLifetime: <NumberOfDays> - then run the following command: > ldifde -v -i -f change_tombstone_lifetime.ldf 16.18.2.3 Using VBScript' This code modifies the default tombstone lifetime ' ------ SCRIPT CONFIGURATION ------ intTombstoneLifetime = <NumberOfDays> ' ------ END CONFIGURATION --------- set objRootDSE = GetObject("LDAP://RootDSE") set objDSCont = GetObject("LDAP://cn=Directory Service,cn=Windows NT," & _ "cn=Services," & objRootDSE.Get("configurationNamingContext") ) objDSCont.Put "tombstoneLifetime", intTombstoneLifetime objDSCont.SetInfo WScript.Echo "Successfully set the tombstone lifetime to " & _ intTombstoneLifetime 16.18.3 DiscussionIt is not recommended that you change this setting unless you have a very good reason. Lowering this value below the 60-day default, also lowers the length of time a backup of Active Directory is good for. See Introduction in Chapter 16 and Recipe 16.16 for more information on tombstone (deleted) objects and the tombstone lifetime. 16.18.4 See AlsoRecipe 16.13 for more on the garbage collection process, MS KB 198793 (The Active Directory Database Garbage Collection Process), MS KB 216993 (Backup of the Active Directory Has 60-Day Useful Life), and MS KB 314282 (Lingering Objects May Remain After You Bring an Out-of-Date Global Catalog Server Back Online) |