Microsoft Windows: How to Modify the Tombstone Lifetime of an Active Directory Forest

1. On a DC in the forest, launch ADSI Edit (adsiedit.msc).
2. If the Configuration partition is not listed in the left pane of the ADSI Edit console, follow these steps to connect to it:
   1. Right-click the ADSI Edit header in the left pane and select "Connect to…".
   2. Select the radio button labeled Select a well known Naming Context:
   3. From the dropdown menu below the radio button, select Configuration.
   4. Click OK to connect.
3. Expand Configuration in the left pane. It may be necessary to left-click Configuration before it can be expanded.
4. Expand the CN=Configuration… folder.
5. Expand CN=Services.
6. Select CN=Windows NT.
7. In the center pane, right-click CN=Directory Service and select Properties.
8. In the Attribute Editor tab of the properties window, scroll down to the tombstoneLifetime attribute and select it.
9. Click the Edit button.
10. The value of the attribute represents the tombstone lifetime in days. Type the wanted value and click OK.
11. Click OK again to close the properties window.
12. Close ADSI Edit. The new value replicates to all other DCs in the forest.

This video demonstrates the procedure above:

The tombstone lifetime is a forest-wide attribute. It cannot be configured for individual domains within a forest.

The tombstone lifetime of an Active Directory forest is typically 180 days. This has been the default value for all forests created since Windows Server 2003 R2 SP2. It is also the default value in Windows Server 2003 SP1 and SP2.

If the value of the tombstoneLifetime attribute is displayed as <not set>, the tombstone lifetime of the forest is 60 days. This is the default value for all forests created in Windows 2000 Server, Windows Server 2003 RTM, and Windows Server 2003 R2 RTM and SP1.

The tombstone lifetime is not automatically increased when the DCs in a forest are upgraded to newer operating system versions or when functional levels are raised. It must be modified manually.

The tombstone lifetime represents the maximum usable life of a system state backup of a DC. Restoring a backup of a DC that is older that the tombstone lifetime results in the restored DC being unable to replicate with any partners.

A short tombstone lifetime is not recommended in a production environment. The shorter the tombstone lifetime, the less time there is to detect and resolve a replication issue before replication is automatically disabled.