There is an article on TechNet about the forest’s tombstone lifetime for Active Directory (http://technet.microsoft.com/en-us/library/cc784932(WS.10).aspx) that was discussed on an internal MSFT DS Team / MSFT MVP email list. The discussion pointed out that there is a little confusion around the article.
Specifically, the confusion can come up around step 8:
Note the value in the Value column. If the value is <not set>, the default value is in effect as follows:
- On a domain controller in a forest that was created on a domain controller running Windows Server 2003 with Service Pack 1 (SP1), Windows Server 2003 with Service Pack 2 (SP2), Windows Server 2008, or Windows Server 2008 R2, the default value is 180 days.
- On a domain controller in a forest that was created on a domain controller running Windows 2000 Server, Windows Server 2003, or Windows Server 2003 R2, the default value is 60 days.
The question came up… and a good question I might add… “What if you don’t know what version of the OS was used to initially build the forest?”
If this confusion exists for Directory Service MVPs, then it probably exists for some other folks as well.
There is a very easy (for now) way to ascertain what the tombstone lifetime is.
- Run the command “adfind -sc policies”
- Read the line that starts with >tombstoneLifetime:
- If the line exists, the value listed is your tombstone lifetime in days. If the line doesn’t exist, the tombstone lifetime is 60 days.
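The rule in the steps above, as an added PowerShell example (not code from the original post and not part of adfind): it takes captured `adfind -sc policies` output, returns the listed value when the `>tombstoneLifetime:` line is present, and returns 60 days when it is not. The function name, the sample output lines and the check for a `dn:` line are assumptions made for this illustration.

```powershell
# Added example, not from the original post.
function Get-EffectiveTombstoneLifetime {
    param(
        # Output lines captured from: adfind -sc policies
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string[]]$AdfindOutput
    )

    # Assumption: adfind prints a "dn:" line for every object it returns.
    # With no object in the output (failed bind, wrong server) a missing
    # attribute line says nothing, so refuse to apply the default.
    if (-not ($AdfindOutput -match '^\s*dn:')) {
        throw 'No object in the adfind output; cannot tell if tombstoneLifetime is set.'
    }

    foreach ($line in $AdfindOutput) {
        if ($line -match '^\s*>tombstoneLifetime:\s*(\d+)\s*$') {
            # Line present: the listed value is the tombstone lifetime in days.
            return [pscustomobject]@{ Days = [int]$Matches[1]; Source = 'tombstoneLifetime attribute' }
        }
    }

    # Line absent: the AD default of 60 days is in effect.
    [pscustomobject]@{ Days = 60; Source = 'default (attribute not set)' }
}

# Constructed sample output, trimmed to the lines that matter (example.com is a placeholder).
$dn = 'dn:CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=example,DC=com'
$valueSet    = @($dn, '>tombstoneLifetime: 180', '', '1 Objects returned')
$valueNotSet = @($dn, '', '1 Objects returned')
$queryFailed = @('0 Objects returned')

Get-EffectiveTombstoneLifetime -AdfindOutput $valueSet
Get-EffectiveTombstoneLifetime -AdfindOutput $valueNotSet
try {
    Get-EffectiveTombstoneLifetime -AdfindOutput $queryFailed
} catch {
    Write-Warning $_.Exception.Message
}

# Against a live forest: Get-EffectiveTombstoneLifetime -AdfindOutput (adfind -sc policies)
```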
But joe, doesn’t the OS version matter? No. The reason it doesn’t matter is that the default didn’t change in the source code for the different OS versions. What changed was a line in a file called schema.ini, which sets the value of tombstoneLifetime to some other value. So if the value isn’t set, it is the AD default of 60 days.
The section of the schema.ini file we are talking about is:
; Explict TSL default set in W2K3 SP1 to increase shelf-life of backups and allow longer
; disconnection times.