Configuring Tombstone Lifetime (TSL) period

Share this:

By default a tombstone lifetime is 180  days (it used to be 60 days on Windows Server 2003 R2), however we can change for any number that we like or most likely that our organization requires. The tombstone will define how many days a deleted account can be recovered from the Recycle Bin.

Solution


In order to change the tombstone lifetime, the administrator must open the ADSIEdit.msc, and open a connection settings and select Configuration, as shown in the image below.

image

Expand Configuration, CN=Configuration, CN=Services, CN=Windows NT, and then right-click on CN=Directory Services and click Properties.

image

In the new window, select tombstonelifetime and double click on it, define the new value. In our example, we are specifying the period of two (2) years. Click on Apply to confirm.

image

Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at ITPROCentral.com, MSExchange.org, Techgenix.com and Anderson Patricio.org (Portuguese).

Related Post

Creating a new Azure Active Directory instance It seems a simple thing, but when you need to create an additional directory for testing/dev purposes, you may ask yourself how to create. In this Tut...
How to Remove an Exchange Server using ADSIEdit.ms... In some cases, an Exchange server can be beyond recover, and no longer necessary, and for this kind of situation the administrator may use ADSIEdit.ms...
How to add the Active Directory Domain Services ro... In this Tutorial we are going over the process to add the Active Directory Domain Services role on a Windows Server 2012 R2. This procedure will be th...
Auditing logon events with FortiGate How to enable Auditing on Active Directory. One of my customers was implementing web filtering using Active Directory with Fortigate firewall applianc...