From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Wednesday, September 14, 2005 10:41 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Tombstone IntervalSince it appears most of your questions have already been answered, I'll fill in only those that I see remain; the default value is 604800 seconds or 7 days (note that the default value provided by TechNet is inaccurate) -dnscmd light.msetechnology.local /info /dstombstoneintervalThe specifics of the behavior have already been provided but not the "why?"; when DNS records are maintained within AD, they are frequently registered, re-registered and de-registered. Without DNS' "dstombstoneinterval" mechanism, the de-registration of these records would have otherwise triggered a run-of-the-mill AD tombstoning behavior thereby eating through undesirably large quantities of DIT row space since re-registration would have created a new record and not reanimated the existing tombstoned record. This is particularly true to say of Windows 2000 since the records were maintained within the domain NC and, as a result, replicated as empty shells to the GC whose row space (in the most extreme of circumstances) could become dangerously low due to the net total of all DNS registrations across all domains using integrated zones within the entire forest (unlikely I agree ... but you can't develop a product on the premise of "naaaa, that'll never happen!" ... at least I live in hope). As an aside, it's worth noting that app. NCs do not under any circumstance replicate their content through the partial replication mechanism to a GC and, as such, a Windows 2003 directory (when configured accordingly) is less susceptible to this anyway.--
Dean Wells
MSEtechnology
* Email: dwells@msetechnology.com
http://msetechnology.com
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de
Sent: Wednesday, September 14, 2005 5:58 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Tombstone IntervalHi,
The first I understand but I do not understand the second. Does anyone know what the second does?
Thanks
Jorge
(1) configured per forest in AD
The tombstone lifetime value in an Active Directory forest defines the default number of days that a domain controller preserves knowledge of deleted objects. This value also defines the useful life of a system state backup that is used for disaster recovery or installation from backup media. Active Directory protects itself from restoring data that is older than the tombstone lifetime by disallowing the restore.(2) configured per DNS server in the registry manually or through DNSCMD
/dstombstoneinterval[ 1-30]
Amount of time in seconds to keep tombstoned records in Active Directory alive.
Met vriendelijke groet / Kind regards,
Jorge de Almeida Pinto
Infrastructure Consultant
__________________________________________
![Picture (Metafile)]()
LogicaCMG Nederland B.V. (BU SD/AT)
Division Industry, Distribution and Transport (ID&T)
Kennedyplein 248, 5611 ZT, Eindhoven
. Postbus 7089
5605 JB Eindhoven
( Tel : +31-(0)40-29.57.777
2 Fax : +31-(0)40-29.57.709
( Mobile : +31-(0)6-26.26.62.80* E-mail : [EMAIL PROTECTED]
" <http://www.logicacmg.com/> - Solutions that matter -
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
Title: Tombstone Interval
Another tidbit... DNS servers run through an internal
process every 2am to identify and delete "stale" dnsTombstone records.
It's at that point they begin the traditional AD object deletion process.
The 2am interval is not configurable.
