Domain Controller Tombstone

The tombstone lifetime is set with the install of the first dcs in a forest for all domains.

Domain controller tombstone. My active directory domain controllers were tombstoned. Domain controllers that do not replicate in a timely manner may encounter errors. Once this tombstone lifetime value is exceeded the tombstoned object is automatically deleted by the garbage collection process.

Even if you ve upgrade multiple times since the first installation and you re now on windows 2012 it will be still be only 60 days if installed with 2000 or 2003 without a service pack. By default each tombstoned object remains in the database for 180 days. The default tombstone lifetime in windows server 2000 2003 is 60 days.

One of the benefits this provides is an increase in the useful life of backups. If an active directory domain controller has exceeded the tombstone lifetime set at 180 days by default it will have issues when it s brought back on to the network. Whatever the issue if a domain controller doesn t communicate replicate with ad within ad s tombstone lifetime it will eventually become permanently tombstoned.

Fyi the tombstone value solely depends on the operating system that was used to create the very first domain controller in the new forest whether it was a fresh installation or upgrading from nt4. Replication will fail so things like users groups will no longer synchronize. One of the benefits this provides is an increase in the useful life of backups.

It may miss password changes and be unable to authenticate. For domain controllers upgraded to windows server 2008 that use a tombstone lifetime of 60 days microsoft recommends manually setting the value to 180 days. When you delete an object from the active directory ad database it s marked as a tombstoned object instead of being fully removed.

Click start click run type regedit and then click ok. To do this follow the steps below. In windows server 2003 sp1 and above it s 180 days.