September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
16.18. Modifying the Tombstone Lifetime for a Domain
Problem
You want to change the default tombstone lifetime for a domain.
Solution
Using a graphical user interface
Open ADSI Edit.
In the left pane, expand
cn=Configuration→cn=Services→cn=Windows NT.Right-click on
cn=DirectoryServiceand select Properties.Set the
tombstoneLifetimeattribute to the number of days that tombstone objects should remain in Active Directory before getting removed completely (the default is 60 days).Click OK.
Using a command-line interface
Create an LDIF file called
change_tombstone_lifetime.ldf with the following
contents:
dn: cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,<ForestRootDN> changetype: modify replace: tombstoneLifetime tombstoneLifetime: <NumberOfDays> -
then run the following command:
> ldifde -v -i -f change_tombstone_lifetime.ldf
Using VBScript
' This code modifies the default tombstone lifetime
' ------ SCRIPT CONFIGURATION ------
intTombstoneLifetime = <NumberOfDays>
' ------ END CONFIGURATION ---------
set objRootDSE = GetObject("LDAP://RootDSE")
set objDSCont = GetObject("LDAP://cn=Directory Service,cn=Windows NT," & _
"cn=Services," & objRootDSE.Get("configurationNamingContext") )
objDSCont.Put "tombstoneLifetime", intTombstoneLifetime
objDSCont.SetInfo
WScript.Echo "Successfully set the tombstone lifetime to " & _
intTombstoneLifetimeDiscussion
It is not recommended that you change this setting unless you have a very good reason. Lowering this value below the 60-day ...