Configuring Tombstone Lifetime (TSL) period

Share this:

By default a tombstone lifetime is 180  days (it used to be 60 days on Windows Server 2003 R2), however we can change for any number that we like or most likely that our organization requires. The tombstone will define how many days a deleted account can be recovered from the Recycle Bin.

Solution


In order to change the tombstone lifetime, the administrator must open the ADSIEdit.msc, and open a connection settings and select Configuration, as shown in the image below.

image

Expand Configuration, CN=Configuration, CN=Services, CN=Windows NT, and then right-click on CN=Directory Services and click Properties.

image

In the new window, select tombstonelifetime and double click on it, define the new value. In our example, we are specifying the period of two (2) years. Click on Apply to confirm.

image

Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at ITPROCentral.com, MSExchange.org, Techgenix.com and Anderson Patricio.org (Portuguese).

Related Post

How to define an OU as default location for new Co... By default all computer objects are created under the Computers container and in this Tutorial we are going change (redirect) this default location to...
Auditing logon events with FortiGate How to enable Auditing on Active Directory. One of my customers was implementing web filtering using Active Directory with Fortigate firewall applianc...
Article: Protect your enterprise social media acco... Hello folks, I've just published an article in Techgenix.com where we go over the benefits of using Microsoft Azure Active Directory SSO with socia...
How to Remove an Exchange Server using ADSIEdit.ms... In some cases, an Exchange server can be beyond recover, and no longer necessary, and for this kind of situation the administrator may use ADSIEdit.ms...