Skip to Content
Active Directory Cookbook
book

Active Directory Cookbook

by Robbie Allen
September 2003
Intermediate to advanced
624 pages
15h 49m
English
O'Reilly Media, Inc.
Content preview from Active Directory Cookbook

16.18. Modifying the Tombstone Lifetime for a Domain

Problem

You want to change the default tombstone lifetime for a domain.

Solution

Using a graphical user interface

  1. Open ADSI Edit.

  2. In the left pane, expand cn=Configuration cn=Services cn=Windows NT.

  3. Right-click on cn=Directory Service and select Properties.

  4. Set the tombstoneLifetime attribute to the number of days that tombstone objects should remain in Active Directory before getting removed completely (the default is 60 days).

  5. Click OK.

Using a command-line interface

Create an LDIF file called change_tombstone_lifetime.ldf with the following contents:

dn: cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,<ForestRootDN>
changetype: modify
replace: tombstoneLifetime
tombstoneLifetime: <NumberOfDays>
-

then run the following command:

> ldifde -v -i -f change_tombstone_lifetime.ldf

Using VBScript

' This code modifies the default tombstone lifetime
' ------ SCRIPT CONFIGURATION ------
intTombstoneLifetime = <NumberOfDays>
' ------ END CONFIGURATION ---------

set objRootDSE = GetObject("LDAP://RootDSE")
set objDSCont = GetObject("LDAP://cn=Directory Service,cn=Windows NT," & _
                "cn=Services," & objRootDSE.Get("configurationNamingContext") )
objDSCont.Put "tombstoneLifetime", intTombstoneLifetime
objDSCont.SetInfo
WScript.Echo "Successfully set the tombstone lifetime to " & _
             intTombstoneLifetime

Discussion

It is not recommended that you change this setting unless you have a very good reason. Lowering this value below the 60-day ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

AirBnbBlueOriginElectronic ArtsHomeDepotNasdaqRakutenTata Consultancy Services

QuotationMarkO’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
QuotationMarkI wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
QuotationMarkI’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
QuotationMarkI'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Mark W.
Embedded Software Engineer

You might also like

Active Directory Administration Cookbook

Active Directory Administration Cookbook

Sander Berkouwer
Active Directory Cookbook, 3rd Edition

Active Directory Cookbook, 3rd Edition

Laura E. Hunter, Robbie Allen
Active Directory, Second Edition

Active Directory, Second Edition

Robbie Allen, Alistair G. Lowe-Norris

Publisher Resources

ISBN: 0596004648Catalog PageErrata