1

I was not able to find some technet article which lists value of this setting for different versions of Windows Server. There are some information in various blogs but it looks controversial at times... Any link to full & exact list?

Mikhail
  • 1,287
  • 3
  • 18
  • 35

1 Answers1

6

Each Version of Windows Server since Windows 2000 implements the tombstoneLifetime attribute in Active Directory with a default value of either 60 or 180 days.

What does default imply?

The tombstoneLifetime attribute is set in the Configuration NC, and as such is a forest-wide setting.

The version of the first Domain Controller in your forest determines the value of the tombstoneLifetime throughout the forest.

When does it change?

Upon raising the forest functional level from Windows Server 2003 to 2008 or later will change the tombstoneLifetime value in the forest from 60 to 180, with the notable exceptions of forests created on either Windows Server 2003 SP1 or Windows Server 2003 R2 SP2, in which case the value will already have been set to 180. The first release of Windows Server 2003 R2 is exempt from this rule due to a bug in the AD installer in 2003 R2.

What about pre-2000 domain upgrades?

If you have an existing NT4.0 domain and want to upgrade it, the tombstoneLifetime value introduced depends on the upgrade method and target forest.

When you upgrade a NT domain to a 2000 or 2003 domain in an existing forest, the tombstoneLifetime value is already set and nothing changes.

When you upgrade a NT domain to a new 2000 or 2003 forest it depends on the installation media used to upgrade the NT4.0 PDC. If you use a 2003 SP1 CD, the 180 days value is applied, otherwise it is still 60 days

How can I change it myself?

The tombstoneLifetime attribute is set on the following container in Active Directory:

CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=myforest,DC=tld

given that the forest root domain FQDN is myforest.tld

Fire up ADSI Edit and set the value to the number of days from deletion you want to keep tombstones in the database.

Give me the data!

If you want a comprehensive overview of the default TSL on each version of Windows Server since its inception, here you go:

Windows Version              Default TSL
----------------------------------------
Windows Server 2000         -    60 days
Windows Server 2003         -    60 days
Windows Server 2003 SP1     -   180 days
Windows Server 2003 R2      -    60 days
Windows Server 2003 R2 SP2  -   180 days
Windows Server 2008         -   180 days
Windows Server 2008 R2      -   180 days
Windows Server 2012         -   180 days
Windows Server 2012 R2      -   180 days (not confirmed)

References:
- http://support.microsoft.com/default.aspx?scid=kb;EN-US;216993
- http://support.microsoft.com/kb/924890
- http://blogs.technet.com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting.aspx

Mathias R. Jessen
  • 24,907
  • 4
  • 62
  • 95