Re: Default tombstone lifetime
- From: "David Chadwick" <david@xxxxxxxxxxxxxxx>
- Date: Sun, 23 Jul 2006 13:16:43 +1000
Hi Joe,
I have looked into this further. Thanks for your help so far.
What I have found is that the schema.ini file on the Windows 2003 SP1 disc
has the tombstoneLifetime=180 line set.
However, on the R2 disc (disc 2) there is also a schema.ini file with a
LATER date. This file does NOT have the tombstoneLifetime=180 line in it.
When installing R2, the schema.ini file that ends up in the
C:\WINDOWS\System32 directory is the one from the R2 disc, which does not
specify 180 days.
This is the case with my genuine VLK R2 discs (x86 Standard and Enterprise,
I checked them both).
I believe all the forests I have tested this on were begun from an R2
machine. I suspect if I didn't have R2 on there, but only had SP1 then the
older schema.ini file would be present and this would set the TLS to 180
days.
Can you confirm this on your R2 discs?
Cheers,
David
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:u3lH6TcrGHA.4324@xxxxxxxxxxxxxxxxxxxxxxx
That is extremely odd because this is done via the schema.ini file that is
used when building a new forest and it isn't like that is buggy. I have
built I don't know how many AD SP1/R2 instances and ADAM SP1/R2 instances
and the TLS is always set.
I would recommend dumping your schema.ini file and look for the line
tombstoneLifetime=180
If that is there and it still doesn't look like the forest has a TSL of
180 days triplecheck the object you are looking at for the value and make
sure you don't have any word ACLs set.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
David Chadwick wrote:
Hi Joe,
This isn't what I am seeing.
I have built many Windows 2003 with SP1 integrated forests (from scratch)
and the value is always "<not set>". I just built one 10 minutes ago
using the VLK Windows 2003 R2 media and created a new forest, and the
value is "<not set>".
I have 6 or 7 other test forests (in virtual machines and test lab
scenarious) and every single one of them says "<not set>", yet all of
them were built from genuine SP1 integrated media.
Cheers,
David
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:eV3SNBPrGHA.4032@xxxxxxxxxxxxxxxxxxxxxxx
Nope, "not set" should not occur if the forest was built initially with
K3 SP1, it actually sets the value in the Directory Service object to
180 during the forest build process. Ditto for SP1 and R2 ADAM. So any
time you see "not set", the value being used is 60 days.
I will contact Microsoft to see about getting the documentation
corrected.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
David Chadwick wrote:
Hi,
This is a question out of curiousity rather than a desperate need to
know. :)
The following Technet link explains what the default tombstone lifetime
for a domain is:
http://technet2.microsoft.com/WindowsServer/en/library/f3df8a52-81ea-4a1d-9823-4e51fbd3422a1033.mspx?mfr=true
The default value for "tombstoneLifetime" is "<not set>".
The thing I find strange is that "<not set>" could either be 60 days or
180 days, depending on whether your forest root was initially created
on Windows 2000/2003 RTM or Windows 2003 SP1.
My question is where does AD ultimately pull this information from?
What I am trying to ask is - imagine you create your forest root with
Windows 2003 RTM. It is now years later and all your DCs are Windows
2003 SP1. Your tombstoneLifetime is still "<not set>", and in this
particular instance "<not set>" means 60 days.
How does AD "know" that "<not set>" means 60 days rather than 180 days?
There must be another attribute somewhere which defines this default,
surely? How does AD determine whether it was "initially 2003 RTM" and
therefore decide that the tombstone lifetime is 60 rather than 180
days.
I'm really curious about this. :)
Cheers,
David
.
- Follow-Ups:
- Re: Default tombstone lifetime
- From: Joe Richards [MVP]
- Re: Default tombstone lifetime
- References:
- Default tombstone lifetime
- From: David Chadwick
- Re: Default tombstone lifetime
- From: Joe Richards [MVP]
- Re: Default tombstone lifetime
- From: David Chadwick
- Re: Default tombstone lifetime
- From: Joe Richards [MVP]
- Default tombstone lifetime
- Prev by Date: Re: Default tombstone lifetime
- Next by Date: Re: ADMT siD history mirgration
- Previous by thread: Re: Default tombstone lifetime
- Next by thread: Re: Default tombstone lifetime
- Index(es):
Relevant Pages
|
