Re: Default tombstone lifetime

At a technical level there is a constant value (appropriately named DEFAULT_TOMBSTONE_LIFETIME) defined in a header file and if the directory entry doesn't exist, the constant value is used in its stead.

This is standard way of handling any config values (directory or registry) that have default values with no required directory or registry entry. It saves them from the inevitable crash if someone deleted a critical value and that value didn't have a default value to insert by default.

I am absolutely positive the documentation is wrong and already have concurrence from one of the best AD troubleshooters inside of Microsoft who was going to chase up with the documentation owner.

I have also alerted him of this regression issue with the second CD from R2. If you windiff the two involved version of the file you will see that it appears that someone took a file from 11/23 and updated the object version of the schema object in the file and then 7 days later on 11/30 someone updated the file from 11/23 with the new tombstonelifetime. There needed to be a schema object rev between the two but obviously the tombstonelifetime change should have been in both. Basically it is a source check-in mistake.


If you have SP1 install media that has a schema.ini file without the updated tombstonelifetime value then we have yet another problem. Please verify that any Gold SP1 media you actually received from Microsoft or built directly from a Gold ISO has the proper schema.ini file. If it doesn't, please let me know what it is and how you got it and I will get that info into MSFT.


joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


David Chadwick wrote:
Hi Jorge,

Thanks for your reply.

I realise that this is how it works. My question was actually about how AD determines whether the tombstone lifetime is 60 days or 180 days at a technical level. If you read the technet link that I have in my first post, you will see that it states that in BOTH situations (with or without SP1) the tombstoneLifetime attribute is set to "<not set>".

My question or observation was that it must then mean that AD falls back to some other method of determining whether it is 60 or 180 days and I wanted to know what that method was.

Joe says that the documentation is wrong and that it actually does set that particular attribute to 180 days (rather than "<not set>") if you create a forest on a SP1 machine, but that is not what I am seeing. I've tried it several times, all from clean genuine VLK media and that attribute is NEVER set for me.

Cheers,
David


"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message news:evpYA7brGHA.4892@xxxxxxxxxxxxxxxxxxxxxxx
Hi

In an Forest were you installed the 1st DC a Windows Server 2003 SP1he new default tombstone-lifetime is tripled to 180 days. If you don't dcpromo the forests first DC with SP1 already installed you'll still have the default tombstone-lifetime of 60 days.


--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"David Chadwick" <david@xxxxxxxxxxxxxxx> wrote in message news:%23k4d04JrGHA.3680@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

This is a question out of curiousity rather than a desperate need to know. :)

The following Technet link explains what the default tombstone lifetime for a domain is:
http://technet2.microsoft.com/WindowsServer/en/library/f3df8a52-81ea-4a1d-9823-4e51fbd3422a1033.mspx?mfr=true

The default value for "tombstoneLifetime" is "<not set>".

The thing I find strange is that "<not set>" could either be 60 days or 180 days, depending on whether your forest root was initially created on Windows 2000/2003 RTM or Windows 2003 SP1.

My question is where does AD ultimately pull this information from? What I am trying to ask is - imagine you create your forest root with Windows 2003 RTM. It is now years later and all your DCs are Windows 2003 SP1. Your tombstoneLifetime is still "<not set>", and in this particular instance "<not set>" means 60 days.

How does AD "know" that "<not set>" means 60 days rather than 180 days? There must be another attribute somewhere which defines this default, surely? How does AD determine whether it was "initially 2003 RTM" and therefore decide that the tombstone lifetime is 60 rather than 180 days.

I'm really curious about this. :)

Cheers,
David






.

Relevant Pages

  • Re: Default tombstone lifetime
    ... It obviously points out a process flaw that we need to help Microsoft acknowledge so they can address it so it doesn't happen again with say Longhorn R2. ... Just to clarify, you mentioned in your blog post that "some people aren't seeing this", referring to the TLS being set to 180 if using Windows 2003 SP1. ... If you windiff the two involved version of the file you will see that it appears that someone took a file from 11/23 and updated the object version of the schema object in the file and then 7 days later on 11/30 someone updated the file from 11/23 with the new tombstonelifetime. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Default tombstone lifetime
    ... I just built some brand new R2 media and did the full install and prior to installing CD2 schema.ini is correct and then after installing CD2 schema.ini is regressed, I will bug this with Microsoft. ... Joe Richards Microsoft MVP Windows Server Directory Services ... I suspect if I didn't have R2 on there, but only had SP1 then the older schema.ini file would be present and this would set the TLS to 180 days. ... If that is there and it still doesn't look like the forest has a TSL of 180 days triplecheck the object you are looking at for the value and make sure you don't have any word ACLs set. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Default tombstone lifetime
    ... SP1. ... someone updated the file from 11/23 with the new tombstonelifetime. ... Joe Richards Microsoft MVP Windows Server Directory Services ... depending on whether your forest root was initially created ...
    (microsoft.public.windows.server.active_directory)
  • Re: Default tombstone lifetime
    ... Nope, "not set" should not occur if the forest was built initially with K3 SP1, it actually sets the value in the Directory Service object to 180 during the forest build process. ... The thing I find strange is that "" could either be 60 days or 180 days, depending on whether your forest root was initially created on Windows 2000/2003 RTM or Windows 2003 SP1. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Default tombstone lifetime
    ... Cool thanks David. ... Just to clarify, you mentioned in your blog post that "some people aren't seeing this", referring to the TLS being set to 180 if using Windows 2003 SP1. ... If you windiff the two involved version of the file you will see that it appears that someone took a file from 11/23 and updated the object version of the schema object in the file and then 7 days later on 11/30 someone updated the file from 11/23 with the new tombstonelifetime. ...
    (microsoft.public.windows.server.active_directory)
Loading