Q. How can I check the tombstone lifetime of my Active Directory forest?

A. Windows will use a 60-day tombstone lifetime (TSL) if no value is set in the forest's configuration. The domain controller promotion wizards for different versions of Windows usually set other values when they create new forests. See the previous FAQ for those values.

You can check your forest's value by launching the ADSI edit tool (ADSIEDIT.msc) and browsing the Configuration partition for the AD forest. Navigate to CN=Directory Service, CN=Windows NT, CN=Services, CN=Configuration, DC=domain, DC=com. Right-click the CN=Directory Service object and select Properties. Look for the tombstoneLifetime value. As I said, if the value isn't set, 60 days is used. Otherwise, the value specified is used, such as 180 in the example shown here.

Click to expand.

Related Reading:

Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.