What is Windows Tombstone?
Tombstone Lifetime is the number of days an object (user, computer, printer, …) in a Windows Active Directory Domain remains available to be restored after it is deleted. If you are running Windows Server 2008 2012 2016 2019 or 2022 the default Tombstone lifetime is 180 days and very very few companies ever change that number.
Determine Tombstone Lifetime in Active Directory
There are two easy ways to determine what the Tombstone Lifetime is on you domain.
CLICK TO ENLARGE
A – Command Line to Determine Tombstone Lifetime
- Launch a PowerShell or Windows Terminal as an administrator
- Enter this command, changing the domain information to yours
Note that my test domain was URTECH4.LOCAL
(get-adobject "cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=urtech4,DC=local" -properties "tombstonelifetime").tombstonelifetimeB – ADSI Edit GUI to Determine Tombstone Lifetime
- Click the START button and type ADSI Edit, then launch ADSI Edit
- Right click on ADSI and select CONNECT TO
- On the SELECT A WELL KNOWN NAMING CONTENT, select CONFIGURATION and click OK
- Expand
cn=Directory Service,dc=urtech4,DC=local
cn=Services
cn=Windows NT
cn=Directory Service - Right click on CN=OPTIONAL FEATURES
- Select PROPERTIES
- Scroll down to TOMBSTONELIFETIME
0 Comments