Re: Default tombstone lifetime

Hi Joe,

This isn't what I am seeing.

I have built many Windows 2003 with SP1 integrated forests (from scratch)
and the value is always "<not set>". I just built one 10 minutes ago using
the VLK Windows 2003 R2 media and created a new forest, and the value is
"<not set>".

I have 6 or 7 other test forests (in virtual machines and test lab
scenarious) and every single one of them says "<not set>", yet all of them
were built from genuine SP1 integrated media.

Cheers,
David

"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:eV3SNBPrGHA.4032@xxxxxxxxxxxxxxxxxxxxxxx
Nope, "not set" should not occur if the forest was built initially with K3
SP1, it actually sets the value in the Directory Service object to 180
during the forest build process. Ditto for SP1 and R2 ADAM. So any time
you see "not set", the value being used is 60 days.

I will contact Microsoft to see about getting the documentation corrected.

joe


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


David Chadwick wrote:
Hi,

This is a question out of curiousity rather than a desperate need to
know. :)

The following Technet link explains what the default tombstone lifetime
for a domain is:
http://technet2.microsoft.com/WindowsServer/en/library/f3df8a52-81ea-4a1d-9823-4e51fbd3422a1033.mspx?mfr=true

The default value for "tombstoneLifetime" is "<not set>".

The thing I find strange is that "<not set>" could either be 60 days or
180 days, depending on whether your forest root was initially created on
Windows 2000/2003 RTM or Windows 2003 SP1.

My question is where does AD ultimately pull this information from? What
I am trying to ask is - imagine you create your forest root with Windows
2003 RTM. It is now years later and all your DCs are Windows 2003 SP1.
Your tombstoneLifetime is still "<not set>", and in this particular
instance "<not set>" means 60 days.

How does AD "know" that "<not set>" means 60 days rather than 180 days?
There must be another attribute somewhere which defines this default,
surely? How does AD determine whether it was "initially 2003 RTM" and
therefore decide that the tombstone lifetime is 60 rather than 180 days.

I'm really curious about this. :)

Cheers,
David



.

Relevant Pages

  • Re: Default tombstone lifetime
    ... I just built some brand new R2 media and did the full install and prior to installing CD2 schema.ini is correct and then after installing CD2 schema.ini is regressed, I will bug this with Microsoft. ... Joe Richards Microsoft MVP Windows Server Directory Services ... I suspect if I didn't have R2 on there, but only had SP1 then the older schema.ini file would be present and this would set the TLS to 180 days. ... If that is there and it still doesn't look like the forest has a TSL of 180 days triplecheck the object you are looking at for the value and make sure you don't have any word ACLs set. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Default tombstone lifetime
    ... Nope, "not set" should not occur if the forest was built initially with K3 SP1, it actually sets the value in the Directory Service object to 180 during the forest build process. ... The thing I find strange is that "" could either be 60 days or 180 days, depending on whether your forest root was initially created on Windows 2000/2003 RTM or Windows 2003 SP1. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Default tombstone lifetime
    ... If you windiff the two involved version of the file you will see that it appears that someone took a file from 11/23 and updated the object version of the schema object in the file and then 7 days later on 11/30 someone updated the file from 11/23 with the new tombstonelifetime. ... Please verify that any Gold SP1 media you actually received from Microsoft or built directly from a Gold ISO has the proper schema.ini file. ... Joe says that the documentation is wrong and that it actually does set that particular attribute to 180 days if you create a forest on a SP1 machine, but that is not what I am seeing. ... In an Forest were you installed the 1st DC a Windows Server 2003 SP1he new default tombstone-lifetime is tripled to 180 days. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Service Pack 1 License Key Encryption Problem
    ... That time frame would have RTM media, not media that would have included ... SP1 with it. ... That is a around the timeframe that we shipped Windows XP. ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: Default tombstone lifetime
    ... What I have found is that the schema.ini file on the Windows 2003 SP1 disc ... used when building a new forest and it isn't like that is buggy. ... Joe Richards Microsoft MVP Windows Server Directory Services ...
    (microsoft.public.windows.server.active_directory)