Recipe 16.18 Modifying the Tombstone Lifetime for a Domain

16.18.1 Problem

You want to change the default tombstone lifetime for a domain.

16.18.2 Solution

16.18.2.1 Using a graphical user interface
  1. Open ADSI Edit.

  2. In the left pane, expand cn=Configuration cn=Services cn=Windows NT.

  3. Right-click on cn=Directory Service and select Properties.

  4. Set the tombstoneLifetime attribute to the number of days that tombstone objects should remain in Active Directory before getting removed completely (the default is 60 days).

  5. Click OK.

16.18.2.2 Using a command-line interface

Create an LDIF file called change_tombstone_lifetime.ldf with the following contents:

dn: cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,<ForestRootDN> changetype: modify replace: tombstoneLifetime tombstoneLifetime: <NumberOfDays> -

then run the following command:

> ldifde -v -i -f change_tombstone_lifetime.ldf
16.18.2.3 Using VBScript
' This code modifies the default tombstone lifetime ' ------ SCRIPT CONFIGURATION ------ intTombstoneLifetime = <NumberOfDays> ' ------ END CONFIGURATION --------- set objRootDSE = GetObject("LDAP://RootDSE") set objDSCont = GetObject("LDAP://cn=Directory Service,cn=Windows NT," & _                 "cn=Services," & objRootDSE.Get("configurationNamingContext") ) objDSCont.Put "tombstoneLifetime", intTombstoneLifetime objDSCont.SetInfo WScript.Echo "Successfully set the tombstone lifetime to " & _              intTombstoneLifetime

16.18.3 Discussion

It is not recommended that you change this setting unless you have a very good reason. Lowering this value below the 60-day default, also lowers the length of time a backup of Active Directory is good for. See Introduction in Chapter 16 and Recipe 16.16 for more information on tombstone (deleted) objects and the tombstone lifetime.

16.18.4 See Also

Recipe 16.13 for more on the garbage collection process, MS KB 198793 (The Active Directory Database Garbage Collection Process), MS KB 216993 (Backup of the Active Directory Has 60-Day Useful Life), and MS KB 314282 (Lingering Objects May Remain After You Bring an Out-of-Date Global Catalog Server Back Online)



Active Directory Cookbook
Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net