Hi Susan, I've seen issues with tombstones sitting around, such as bad written software who still sees them. The main other reason for finally getting rid of the tombstones is to free Active Directory space, but that shouldn't be an issue in a SBS-Domain. On the other hand I do not see the need in a small environment to even increase the tombstone lifetime further than 60 days. Increasing it may help in certain scenarios, such as DCs which are regulary offline for a while (e.g. those who get to travel the ocean on ships) and in huge enterprises with a lot of slow unreliable lines in countries where you can't make sure that a broken line is replaced quickly.
I don't see the requirement to restore objects from backup which are more than 60 days old. Users wouldn't remember their password anyways, computers also. Groups may have been changed as well, ... And the tombstone only helps you when performing a semi-authoritative restore, such as the recovery manager from quest does. However I do not believe many companies running SBS are running recovery manager. If you want to manually restore tombstones you need to fill most of the attributes manually as well, so it's quite a pain. Wouldn't it be easier to just create a new account and use the sidwalk migration suite / subinacl on those few boxes in your SBS domain after the 60 days have expired? Just my 0,02? Ulf |-----Original Message----- |From: [EMAIL PROTECTED] [mailto:ActiveDir- |[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS |Rocks [MVP] |Sent: Monday, November 28, 2005 3:42 AM |To: ActiveDir@mail.activedir.org |Subject: [ActiveDir] Tombstone value | |Stupid question from the SBS AD crowd..... | |Default tombstone value is 60 days on Win2k3 Default tombstone for new forests |on 2k3 sp1 is 180 | |Translation for us SBS boxes... unless we change it it's 60 days if we were an |RTM SBS box or 180 if we were a SP1 installed box. | |For our space down here.... is there any disadvantage to increasing that value |to something even longer? Is there a max value? | |We only have one PDC and possibly an additional domain controller. If we have |a pretty static-y network.... is there a disadvantage to increasing this value |to aid in disaster recovery of the system state backup? |List info : http://www.activedir.org/List.aspx |List FAQ : http://www.activedir.org/ListFAQ.aspx |List archive: http://www.mail- |archive.com/activedir%40mail.activedir.org/ivedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/