.png?width=100&auto=webp&quality=80&disable=upscale "Picture of John Savill")
.png?width=400&auto=webp&quality=80&disable=upscale "John Savill")
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Q. How can I check the tombstone lifetime of my Active Directory forest?
John Savill
February 17, 2010
1 Min Read
A. Windows will use a 60-day tombstone lifetime (TSL) if no value is set in the forest's configuration. The domain controller promotion wizards for different versions of Windows usually set other values when they create new forests. See the previous FAQ for those values.
You can check your forest's value by launching the ADSI edit tool (ADSIEDIT.msc) and browsing the Configuration partition for the AD forest. Navigate to CN=Directory Service, CN=Windows NT, CN=Services, CN=Configuration, DC=domain, DC=com. Right-click the CN=Directory Service object and select Properties. Look for the tombstoneLifetime value. As I said, if the value isn't set, 60 days is used. Otherwise, the value specified is used, such as 180 in the example shown here.
Click to expand. |
Related Reading:
Q. Is there an easy way to clean up the metadata of deleted domain controllers (DCs)?
Q. The Active Directory (AD) best practices recommend using a RAID 1 mirror set for the AD database and a separate RAID 1 mirror set for the AD logs. Is this really necessary and the best use of spindles?
Q. I need to perform an AD database restore. Can I just stop the Active Directory service (NTDS) on my Windows Server 2008 or later domain controller (DC), perform the restore, then start the service again?
Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.
About the Author
You May Also Like
.png?width=700&auto=webp&quality=80&disable=upscale)