AD DS: Tombstone Lifetime

What is it?

The tombstone lifetime (TSL) is a forest-wide setting that controls how long a deleted AD object is kept as a tombstone before garbage collection removes it permanently. During that period the tombstone still replicates, so every DC learns that the object is gone. The default depends on the Windows version the forest was created on (an in-place upgrade of the DCs does not change it); for a forest created on Windows Server 2008 R2 it is 180 days.

Full list of default values:

Windows Version                 Default TSL
---------------------------------------------
Windows Server 2000             60 days
Windows Server 2003             60 days
Windows Server 2003 SP1         180 days
Windows Server 2003 R2          60 days
Windows Server 2003 R2 SP2      180 days
Windows Server 2008             180 days
Windows Server 2008 R2          180 days
Windows Server 2012             180 days
Windows Server 2012 R2          180 days (not confirmed)

(thanks for this data goes to Mathias R. Jessen, see his answer to this question on serverfault.com)

How to check current setting?

You can do it with the dsquery command (fill in the DC= components of your forest root domain):

dsquery * "cn=directory service,cn=windows nt,cn=services,cn=configuration,dc=" -scope base -attr tombstonelifetime

If the query returns no value, the attribute is <not set> and AD uses its built-in default of 60 days. That is the normal state of a forest created on Windows 2000 or Windows Server 2003 RTM, so an empty result is not a "safe" answer; it means the short default applies.

How to change?

Use ADSI Edit and change the tombstoneLifetime value of the Directory Service object. The object lives in the Configuration partition of the AD forest (CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,DC=com). The setting is forest-wide and takes effect on every DC once it replicates.

Why should I care?

This interval prevents the introduction of lingering objects into your AD DS when you perform a restore. A tombstone is what tells other DCs that an object was deleted; once tombstones older than the TSL have been garbage-collected, a DC restored from a backup made before the deletion would bring the object back, and nothing in the directory remains to delete it again. For that reason a backup older than the tombstone lifetime must not be used to restore a DC (global catalog or not), and a DC that has not replicated within the TSL is blocked from replicating for the same reason. From a security point of view a lingering object is usually a user or computer account, sometimes a privileged one, that was removed on purpose and is now back with its old group memberships. So if you need to restore from backups older than 60 days, or to reanimate objects deleted more than 60 days ago, raise the tombstone lifetime accordingly, and do it before the tombstones you care about are garbage-collected: raising it afterwards does not bring them back.
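The check-and-change procedure above, as an added PowerShell example (not code from the original post): it reads the effective tombstone lifetime, treating a missing attribute as the 60-day default, decides whether a backup of a given age is still usable for a restore, and writes a new value. It assumes the ActiveDirectory module (RSAT) on a domain-joined machine with suitable rights; the function names are my own.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory
# module (RSAT) and a domain-joined session; function names are hypothetical.
Import-Module ActiveDirectory

function Get-DirectoryServiceDN {
    # DN of the Directory Service object in the forest Configuration partition.
    $rootDse = Get-ADRootDSE
    "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"
}

function Get-TombstoneLifetime {
    # Returns the effective tombstone lifetime in days. If the attribute is
    # <not set>, AD falls back to the built-in default of 60 days.
    $dsObject = Get-ADObject -Identity (Get-DirectoryServiceDN) -Properties tombstoneLifetime
    if ($null -eq $dsObject.tombstoneLifetime) {
        [pscustomobject]@{ Days = 60; Source = 'default (attribute not set)' }
    } else {
        [pscustomobject]@{ Days = [int]$dsObject.tombstoneLifetime; Source = 'tombstoneLifetime attribute' }
    }
}

function Test-BackupRestorable {
    # A system state backup older than the TSL must not be used to restore a DC:
    # it would reintroduce objects whose tombstones were already garbage-collected.
    param(
        [Parameter(Mandatory)][datetime]$BackupDate,
        [int]$TombstoneLifetimeDays = (Get-TombstoneLifetime).Days
    )
    $age = (Get-Date) - $BackupDate
    [pscustomobject]@{
        BackupDate = $BackupDate
        AgeDays    = [math]::Floor($age.TotalDays)
        TslDays    = $TombstoneLifetimeDays
        Restorable = $age.TotalDays -lt $TombstoneLifetimeDays
    }
}

function Set-TombstoneLifetime {
    # Forest-wide change; needs Enterprise Admin rights. AD treats values below 2
    # as 2. Raising the value only preserves tombstones that still exist, so do
    # it before the ones you care about are collected.
    param([Parameter(Mandatory)][ValidateRange(2, 2147483647)][int]$Days)
    $rootDse = Get-ADRootDSE
    Set-ADObject -Identity (Get-DirectoryServiceDN) `
                 -Replace @{ tombstoneLifetime = $Days } `
                 -Server $rootDse.dnsHostName
    Get-TombstoneLifetime
}

# Usage:
Get-TombstoneLifetime
Test-BackupRestorable -BackupDate (Get-Date).AddDays(-75)
# Set-TombstoneLifetime -Days 180   # uncomment to change; replicates to every DC
```

The null check is the important part: `Get-ADObject` returns no `tombstoneLifetime` property at all on a forest where the attribute was never written, and a script that treats that as "no limit" will happily approve a restore that reintroduces lingering objects.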
