16 November, 2010

Tombstone & Garbage Collection

Tombstone Period: When an object is deleted from Active Directory, it is moved into the "Deleted Objects" container and its "isDeleted" attribute is set to TRUE. The object remains in the "Deleted Objects" container for a fixed period of time known as the Tombstone Period.

Tombstone Lifetime:
Windows 2000/2003 : 60 days
Windows 2003 SP1  : 180 days
Windows 2003 R2   : 60 days
Windows 2008      : 60 days
Windows 2008 R2   :

To change this period, modify the value of "Tombstone Period" on the following object in the Configuration partition:
CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=ForestRootDomain


The minimum value that can be set is 2 days. Changing the lifetime in either direction is not recommended: increasing it means deleted objects stay in the database (ntds.dit) for longer, and decreasing it leaves less time in which the deleted objects can be recovered.

Deleted objects can be recovered from a backup as long as they are still in the "Deleted Objects" container. Once they have been removed from the "Deleted Objects" container, they cannot be recovered. Recovering deleted objects without using a backup is known as Reanimation.

Garbage Collection: At the end of the tombstone lifetime, each domain controller removes the tombstoned objects from its own copy of the database. This process of removing tombstoned objects from the database once the tombstone period has elapsed is known as Garbage Collection.

Garbage Collection Interval: 12 hours (garbage collection can also be forced to run manually).
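The following PowerShell is an added example, not part of the original post, showing how an administrator would read and sanity-check the two settings just described. It assumes the ActiveDirectory module (RSAT) in a domain-joined session with read access to the Configuration partition. The attribute names it uses are tombstoneLifetime and garbageCollPeriod, both stored on the CN=Directory Service object; the value $oldestBackupAgeDays is a constructed placeholder, and the ldifde call for forcing a garbage-collection pass is left commented so nothing runs against a DC until you choose to.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory
# module and read rights on the Configuration naming context.
Import-Module ActiveDirectory

$rootDse      = Get-ADRootDSE
$dsSettingsDn = "CN=Directory Service,CN=Windows NT,CN=Services," + $rootDse.configurationNamingContext

$settings = Get-ADObject -Identity $dsSettingsDn -Properties tombstoneLifetime, garbageCollPeriod

# An unset tombstoneLifetime means the DC falls back to its built-in default;
# the post's table gives 60 days for most versions.
$lifetimeDays = if ($settings.tombstoneLifetime) { $settings.tombstoneLifetime } else { 60 }
$gcHours      = if ($settings.garbageCollPeriod) { $settings.garbageCollPeriod } else { 12 }

"Tombstone lifetime : {0} days (explicitly set: {1})" -f $lifetimeDays, [bool]$settings.tombstoneLifetime
"GC interval        : {0} hours" -f $gcHours

# Checks a defender wants: the post's 2-day floor, and whether the oldest backup
# you still keep is older than the lifetime (such a backup can no longer be used
# to recover deleted objects, because the tombstones it relied on are gone).
if ($lifetimeDays -lt 2) {
    Write-Warning "tombstoneLifetime is below the 2-day minimum"
}
$oldestBackupAgeDays = 45   # constructed placeholder; use your real backup retention
if ($oldestBackupAgeDays -gt $lifetimeDays) {
    Write-Warning "Backups older than $lifetimeDays days are past the tombstone lifetime"
}

# Changing the lifetime (here to 180 days). -WhatIf keeps this a dry run; the
# attribute is forest-wide and replicates to every DC once written.
Set-ADObject -Identity $dsSettingsDn -Replace @{ tombstoneLifetime = 180 } -WhatIf

# Forcing a garbage-collection pass on one DC: the rootDSE operational attribute
# doGarbageCollection is written with ldifde. The LDIF is generated here and the
# import command is left commented out.
$ldif = @"
dn:
changetype: modify
add: doGarbageCollection
doGarbageCollection: 1
-
"@
$ldifPath = Join-Path $env:TEMP "force-gc.ldf"
Set-Content -Path $ldifPath -Value $ldif -Encoding ASCII
# ldifde -i -f $ldifPath -s DC01   # DC01 is a placeholder for the target domain controller
```

Run the script read-only first; the only writes are the -WhatIf dry run and the LDIF file in %TEMP%. Because garbage collection is per-DC, forcing it on one controller does not clean the database on any other.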

When an object is deleted from Active Directory it is moved into the "Deleted Objects" container and its "isDeleted" attribute is set to TRUE. While the object sits in the "Deleted Objects" container only a few mandatory attributes are retained with it; all of its other attributes are removed at the moment it is deleted and moved into the container.

The object remains in the "Deleted Objects" container until its tombstone lifetime expires, after which the garbage collection process runs and the object is deleted forever (not exactly forever: in practice the object remains in NTDS.DIT, but the majority of its attributes are stripped off).
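To make the retained-attribute point and the Reanimation step concrete, here is an added PowerShell example (not from the original post) that lists what is currently in the "Deleted Objects" container, estimates how long each tombstone has before garbage collection, and shows a dry-run reanimation of one object. It assumes the ActiveDirectory module on Windows Server 2008 R2 or later; the account name "jdoe" is a constructed sample value, and whenChanged is used as an approximation of the deletion time since deleting an object modifies it.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module
# and rights to read deleted objects (and, for the restore, to reanimate them).
Import-Module ActiveDirectory

$rootDse          = Get-ADRootDSE
$deletedContainer = "CN=Deleted Objects," + $rootDse.defaultNamingContext
$dsSettingsDn     = "CN=Directory Service,CN=Windows NT,CN=Services," + $rootDse.configurationNamingContext

$lifetimeDays = (Get-ADObject -Identity $dsSettingsDn -Properties tombstoneLifetime).tombstoneLifetime
if (-not $lifetimeDays) { $lifetimeDays = 60 }   # built-in default when the attribute is unset

# Tombstones keep only a handful of attributes; these are among the ones that
# survive, which is why the query asks for nothing else.
$tombstones = Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects `
    -SearchBase $deletedContainer `
    -Properties isDeleted, whenChanged, lastKnownParent, objectSid, sAMAccountName

foreach ($t in $tombstones) {
    $ageDays = (New-TimeSpan -Start $t.whenChanged -End (Get-Date)).Days
    [pscustomobject]@{
        Name            = $t.Name
        Class           = $t.ObjectClass
        DeletedApprox   = $t.whenChanged
        DaysUntilGC     = $lifetimeDays - $ageDays
        LastKnownParent = $t.lastKnownParent   # where the object lived before deletion
        SID             = $t.objectSid
    }
}

# Reanimation: bring one tombstone back without a backup. Only the attributes
# the tombstone kept come back; everything stripped at deletion stays lost.
$target = $tombstones | Where-Object { $_.sAMAccountName -eq 'jdoe' } | Select-Object -First 1
if ($target) {
    Restore-ADObject -Identity $target.ObjectGuid -WhatIf   # remove -WhatIf to perform the restore
} else {
    "No tombstone found for sAMAccountName 'jdoe' (constructed sample name)"
}
```

The DaysUntilGC column is the practical recovery window: once it reaches zero the next garbage-collection pass (every 12 hours by default) removes the tombstone, and neither Restore-ADObject nor a backup from before the deletion will bring the object back.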