Re: Default tombstone lifetime

From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
Date: Fri, 21 Jul 2006 14:05:48 -0400

Nope, "not set" should not occur if the forest was built initially with K3 SP1, it actually sets the value in the Directory Service object to 180 during the forest build process. Ditto for SP1 and R2 ADAM. So any time you see "not set", the value being used is 60 days.

I will contact Microsoft to see about getting the documentation corrected.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net

---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

David Chadwick wrote:

Hi,

This is a question out of curiousity rather than a desperate need to know. :)

The following Technet link explains what the default tombstone lifetime for a domain is:
http://technet2.microsoft.com/WindowsServer/en/library/f3df8a52-81ea-4a1d-9823-4e51fbd3422a1033.mspx?mfr=true

The default value for "tombstoneLifetime" is "<not set>".

The thing I find strange is that "<not set>" could either be 60 days or 180 days, depending on whether your forest root was initially created on Windows 2000/2003 RTM or Windows 2003 SP1.

My question is where does AD ultimately pull this information from? What I am trying to ask is - imagine you create your forest root with Windows 2003 RTM. It is now years later and all your DCs are Windows 2003 SP1. Your tombstoneLifetime is still "<not set>", and in this particular instance "<not set>" means 60 days.

How does AD "know" that "<not set>" means 60 days rather than 180 days? There must be another attribute somewhere which defines this default, surely? How does AD determine whether it was "initially 2003 RTM" and therefore decide that the tombstone lifetime is 60 rather than 180 days.

I'm really curious about this. :)

Cheers,
David

Follow-Ups:
- Re: Default tombstone lifetime
  - From: David Chadwick

References:
- Default tombstone lifetime
  - From: David Chadwick

Prev by Date: Re: Unable to create domain trust: a device not functioning
Next by Date: Re: Multiple FSMO changes
Previous by thread: Default tombstone lifetime
Next by thread: Re: Default tombstone lifetime
Index(es):
- Date
- Thread

Relevant Pages

Re: Default tombstone lifetime
... I just built some brand new R2 media and did the full install and prior to installing CD2 schema.ini is correct and then after installing CD2 schema.ini is regressed, I will bug this with Microsoft. ... Joe Richards Microsoft MVP Windows Server Directory Services ... I suspect if I didn't have R2 on there, but only had SP1 then the older schema.ini file would be present and this would set the TLS to 180 days. ... If that is there and it still doesn't look like the forest has a TSL of 180 days triplecheck the object you are looking at for the value and make sure you don't have any word ACLs set. ...
(microsoft.public.windows.server.active_directory)
Re: Default tombstone lifetime
... were built from genuine SP1 integrated media. ... SP1, it actually sets the value in the Directory Service object to 180 ... during the forest build process. ... Joe Richards Microsoft MVP Windows Server Directory Services ...
(microsoft.public.windows.server.active_directory)
Re: Default tombstone lifetime
... If you windiff the two involved version of the file you will see that it appears that someone took a file from 11/23 and updated the object version of the schema object in the file and then 7 days later on 11/30 someone updated the file from 11/23 with the new tombstonelifetime. ... Please verify that any Gold SP1 media you actually received from Microsoft or built directly from a Gold ISO has the proper schema.ini file. ... Joe says that the documentation is wrong and that it actually does set that particular attribute to 180 days if you create a forest on a SP1 machine, but that is not what I am seeing. ... In an Forest were you installed the 1st DC a Windows Server 2003 SP1he new default tombstone-lifetime is tripled to 180 days. ...
(microsoft.public.windows.server.active_directory)
Re: Default tombstone lifetime
... If that is there and it still doesn't look like the forest has a TSL of 180 days triplecheck the object you are looking at for the value and make sure you don't have any word ACLs set. ... Joe Richards Microsoft MVP Windows Server Directory Services ... I have built many Windows 2003 with SP1 integrated forests and the value is always "". ... I have 6 or 7 other test forests and every single one of them says "", yet all of them were built from genuine SP1 integrated media. ...
(microsoft.public.windows.server.active_directory)
Re: Default tombstone lifetime
... What I have found is that the schema.ini file on the Windows 2003 SP1 disc ... used when building a new forest and it isn't like that is buggy. ... Joe Richards Microsoft MVP Windows Server Directory Services ...
(microsoft.public.windows.server.active_directory)