Determine the tombstone lifetime for the forest

Switch View :

Updated: March 17, 2009

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 Foundation, Windows Server 2008 R2, Windows Server 2008 R2 Foundation

The tombstone lifetime in an Active Directory forest determines how long a deleted object (called a “tombstone”) is retained in Active Directory Domain Services (AD DS). The tombstone lifetime is determined by the value of the tombstoneLifetime attribute on the Directory Service object in the configuration directory partition.

You can use this procedure to determine the tombstone lifetime for the forest.

Membership in Domain Users, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

To determine the tombstone lifetime for the forest using ADSIEdit

Click Start, point to Administrative Tools, and then click ADSI Edit.
In ADSI Edit, right-click ADSI Edit, and then click Connect to.
For Connection Point, click Select a well known Naming Context, and then click Configuration.
If you want to connect to a different domain controller, for Computer, click Select or type a domain or server: (Server | Domain [:port]). Provide the server name or the domain name and Lightweight Directory Access Protocol (LDAP) port (389), and then click OK.
Double-click Configuration, CN=Configuration,DC=ForestRootDomainName, CN=Services, and CN=Windows NT.
Right-click CN=Directory Service, and then click Properties.
In the Attribute column, click tombstoneLifetime.
Note the value in the Value column. If the value is <not set>, the default value is 60 days.

To determine the tombstone lifetime for the forest using Dsquery

Open a Command Prompt window. To open a command prompt, click Start, click Run, type cmd, and then press ENTER.

At the command prompt, type the following command, and then press ENTER:

dsquery * “cn=directory service,cn=windows nt,cn=services,cn=configuration,dc=<forestDN>” –scope base –attr tombstonelifetime

Be sure to replace <forestDN> with the actual distinguished name of the forest. For example, if your forest name is corp.proseware.com, type the following, and then press ENTER:

dsquery * “cn=directory service,cn=windows nt,cn=services,cn=configuration,dc=corp,dc=proseware,dc=com” –scope base –attr tombstonelifetime

Tags :

Community Content

austin.anomaly

You probably need to change the hyphen/en-dash to a dash/minus as well

This one had me pulling my hair out until I realized one line was slightly longer than the other (i.e. when I typed it by hand it ran properly; when I pasted it in and changed the forestDN is failed) BAD dsquery * "cn=directory service,cn=windows nt,cn=services,cn=configuration,dc=<forestDN>" –scope base –attr tombstonelifetime GOOD dsquery * "cn=directory service,cn=windows nt,cn=services,cn=configuration,dc=<forestDN>" -scope base -attr tombstonelifetime

Tags :

Thomas Lee

Only use normal quote character

In all cases you must use the normal quote character, not the slanted or "smart" quotes. Unfortunately, the code examples in this article must have been pasted from a word processor, which substitutes the fancy smart quotes (that are slanted). 12/31/2011

Tags : smart quote dsquery

Ross Wilson aus

Invalid Syntax solution

If I PASTE this from word - I get the error - If I then type over the two quote characters I get the erropr -scope is an unknown parameter then FINALLY if I delete the -scope base (and so have typed dsquery * “CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=mydomain,DC=local” –attr tombstonelifetime ) It works So I think this is Word with its "Smart" quotes

Tags :

JasonBeckett

Invalid Syntax

When entering this command on a windows server 2008 dc, the following is returned: dsquery failed:'Service,CN=Windows' is an unknown parameter. Original command: dsquery * “CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=mydomain,DC=local” –scope base –attr tombstonelifetime

Tags :