I fielded a question today on the article at
Â
Basically it incorrectly says:
 To determine the tombstone lifetime for the forest
Â
 1. On the Start menu, click Run, type adsiedit.msc, and then click OK.
Â
2. In the console tree, double-click Configuration [DomainControllerName], CN=Configuration,DC=[ForestRootDomain], CN=Services, and CN=Windows NT.
Â
3. Right-click CN=Directory Service, and then click Properties.
Â
4. In the Attribute column, click tombstoneLifetime.
Â
5. Note the value in the Value column. If the value is , the default value is in effect as follows:• On a domain controller in a forest that was created on a domain controller running Windows Server 2003 with Service Pack 1 (SP1), the default value is 180 days.
Â
• On a domain controller in a forest that was created on a domain controller running Windows 2000 Server or Windows Server 2003, the default value is 60 days
Â
Â
Do you see the boo boo?The problem is with the stuff under bullet 5 where it says if the attribute isn’t set then the default could be either 180 days or 60 days depending on whether the forest was built with K3 SP1 or instead with something earlier. Well I am certainly glad it doesn’t work that way, that would amazingly annoying and confusing all in one. While MSFT has been known to do amazingly goofy things like that, thankfully this isn’t one of those cases…
If you build a new forest with K3 SP1 (or you build an ADAM config set with ADAM R2/SP1) the tombstonelifetime attribute will be populated with 180 so if you see not set it means the forest was built with pre-K3 SP1 or someone cleared the value (thereby taking you back to 60 days…).
This is one of those really easy changes because they didn’t change the hardcoded default in the Windows Source code. They simply added a few lines to the %windir%\system32\schema.ini file… Specifically they added the lines
; Explict TSL default set in W2K3 SP1 to increase shelf-life of backups and allow longer
; disconnection times.
tombstoneLifetime=180
This kicks in when making a new forest.
So now in the meanwhile I need to figure out who to submit this mistake too to get it corrected. I don’t have an easy feedback mechanism that I am aware of for technet. MSKB and MSDN are a breeze, not technet. I will use the comments box on the article but I have not found a lot of joy in using those so I will send emails of the problem to folks I know. If you are reading this and your IP address is somewhere on the MSFT network and you know who could fix this, please feel free to ping that person and send them to me or to this blog entry. Thanks!
  joe
Â
Hi Joe,
It was my question. 🙂
Thanks for clearing up how this works. The mistake in the documentation is pretty bad!
One thing I will point out though, is that the section in schema.ini that you have pasted above seems to have been REMOVED from the schema.ini that R2 uses. From what I can tell, R2 has reverted to not setting the tombstoneLifetime and therefore it’s back to 60 days again.
Even more confusing.
Cheers,
David