| Author | Messages | |
ZJORZ
Posts:389
 | | 09/14/2005 10:00 AM |
| Hi,
The first I understand but I do not understand the second. Does anyone know what the second does?
Thanks
Jorge
(1) configured per forest in AD
The tombstone lifetime value in an Active Directory forest defines the default number of days that a domain controller preserves knowledge of deleted objects. This value also defines the useful life of a system state backup that is used for disaster recovery or installation from backup media. Active Directory protects itself from restoring data that is older than the tombstone lifetime by disallowing the restore.
(2) configured per DNS server in the registry manually or through DNSCMD
/dstombstoneinterval[ 1-30]
Amount of time in seconds to keep tombstoned records in Active Directory alive.
Met vriendelijke groet / Kind regards, Jorge de Almeida Pinto
Infrastructure Consultant
__________________________________________
LogicaCMG Nederland B.V. (BU SD/AT)
Division Industry, Distribution and Transport (ID&T)
Kennedyplein 248, 5611 ZT, Eindhoven
Postbus 7089
5605 JB Eindhoven
Tel: +31-(0)40-29.57.777
Fax: +31-(0)40-29.57.709
Mobile: +31-(0)6-26.26.62.80
E-mail: Jorge.de.Almeida.Pinto@xxxxxxxxxxxxx
- Solutions that matter -
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. | | | |
| MarcusOh
Posts:14
 | | 09/14/2005 2:26 AM |
| I'm still confused. What's the point of dstombstoneinterval if you can only raise the value to 30 seconds?
:m:dsm:cci:mvp
 | | | |
| ZJORZ
Posts:389
 | | 09/14/2005 2:43 AM |
| That's what I thought also...
Looking at the Windows 2003 Branch Office Guide scenario, it is increased to 15 days (=1296000 seconds).
You can see this value as the max. timeframe a certain computer (especially DCs) will be offline. In the Windows 2003 Branch Office Guide scenario it is because the branch DCs are staged at the hub location and then shipped to the branch office.
Cheers
Jorge | | | |
| dwells
Posts:53
 | | 09/14/2005 3:44 AM |
| Since it appears most of your questions have already been answered, I'll fill in only those that I see remain; the default value is 604800 seconds or 7 days (note that the default value provided by TechNet is inaccurate) -
dnscmd light.msetechnology.local /info /dstombstoneinterval
The specifics of the behavior have already been provided but not the "why?"; when DNS records are maintained within AD, they are frequently registered, re-registered and de-registered. Without DNS' "dstombstoneinterval" mechanism, the de-registration of these records would have otherwise triggered a run-of-the-mill AD tombstoning behavior thereby eating through undesirably large quantities of DIT row space since re-registration would have created a new record and not reanimated the existing tombstoned record.
This is particularly true to say of Windows 2000 since the records were maintained within the domain NC and, as a result, replicated as empty shells to the GC whose row space (in the most extreme of circumstances) could become dangerously low due to the net total of all DNS registrations across all domains using integrated zones within the entire forest (unlikely I agree ... but you can't develop a product on the premise of "naaaa, that'll never happen!" ... at least I live in hope).
As an aside, it's worth noting that app. NCs do not under any circumstance replicate their content through the partial replication mechanism to a GC and, as such, a Windows 2003 directory (when configured accordingly) is less susceptible to this anyway.
--
Dean Wells
MSEtechnology
Email: dwells@msetechnology.com
http://msetechnology.com
 | | | |
| AD000001290
Posts:0
 | | 09/14/2005 10:09 AM |
| Would the latter refer to scavenged objects?
neil
---------------------------------------
Neil Ruston
Nomura International Plc
Tel: 020 7521 3481
neil.ruston@xxxxxxxxxxxxx
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies. | | | |
| katherinec@xxxx.yyy
 | | 09/14/2005 10:17 AM |
| Hi Jorge,
It's to do with DNS (resource?) records, not AD tombstoned objects. As per http://msdn.microsoft.com/library/default.asp?url="">:
DsTombstoneInterval
Data type: uint32
Lifetime of tombstoned records in Directory Service integrated zones, expressed in seconds.
HTH,
Katherine
PS. Sorry - in a rush. Hope this email doesn't seem
abrupt! | | | |
| ZJORZ
Posts:389
 | | 09/14/2005 11:10 AM |
| Scavenging and Aging are processes that age and clean up (delete) unused DNS resource records. After a record is deleted it is tombstoned and kept in AD for the same time as the AD tombstone lifetime (60 days or 180 days in fresh AD SP1 installs). However there is something else "in between" for DNS records.
I got the second from the Windows 2003 Branch Office Guide.
Extending the DNS Tombstone Lifetime
You must extend the tombstone lifetime for DNS resource records stored in the directory. This prevents resource records from being removed from the directory while a new branch office domain controller is offline and being shipped to its new location.
First I did not understand it, but after testing it on a DC I found the following and it is clear now what it does.
OK, here goes....
A DNS object is just like any other AD object... There is a slight difference though.
When a DNS object is deleted it is NOT AD tombstoned right away like other objects and it is also not "moved" to the Deleted Objects container of the naming context it resides in. Unlike any other objects it is invisible in the DNS GUI and it remains in the location for the DNS Tombstone Lifetime (don't know what the default is). When it is DNS tombstoned the attribute dNSTombstoned is set to TRUE. After the DNS Tombstone Lifetime it is AD tombstoned and "moved" to the Deleted Objects container of the naming context it resides in.
If the DNS object is "recreated" within the DNS Tombstone Lifetime the old DNS tombstoned object is revived (same GUID) as the attribute dNSTombstoned is set to FALSE.
If someone knows the default, please let me know.
Cheers,
Jorge | | | |
| davidadner
Posts:0
 | | 09/15/2005 12:55 PM |
| Another tidbit... DNS servers run through an internal process every 2am to identify and delete "stale" dnsTombstone records. It's at that point they begin the traditional AD object deletion process. The 2am interval is not configurable.
 | | | |
|
|
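An added example, not code from any poster in the thread: a read-only PowerShell check that lists the dnsNode objects currently flagged dNSTombstoned=TRUE and compares their age with DsTombstoneInterval, the "in between" window discussed above. It assumes the ActiveDirectory module is available and treats whenChanged as an approximation of the time the node was DNS-tombstoned; the function name and the State labels are made up for illustration.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-DnsTombstonedNode {
    [CmdletBinding()]
    param(
        # DC to query. Hypothetical default; point it at any DC hosting the zones.
        [string]$Server = $env:COMPUTERNAME,

        # DsTombstoneInterval in seconds. 604800 (7 days) is the default reported
        # in the thread; the thread reads the live value with
        #   dnscmd <server> /info /dstombstoneinterval
        [int]$DsTombstoneIntervalSeconds = 604800
    )

    $rootDse = Get-ADRootDSE -Server $Server

    # AD-integrated zones live either in the domain NC (Windows 2000 style) or in
    # the DomainDnsZones / ForestDnsZones application partitions (Windows 2003 style).
    $searchBases = @($rootDse.defaultNamingContext) +
        @($rootDse.namingContexts | Where-Object { $_ -match '^DC=(Domain|Forest)DnsZones,' })

    $now = Get-Date
    foreach ($base in $searchBases) {
        # DNS-tombstoned nodes stay in place in the zone container; they are not
        # in Deleted Objects, so a normal (non-deleted) search finds them.
        Get-ADObject -Server $Server -SearchBase $base -SearchScope Subtree `
            -LDAPFilter '(&(objectClass=dnsNode)(dNSTombstoned=TRUE))' `
            -Properties dNSTombstoned, whenChanged, objectGUID |
        ForEach-Object {
            # Assumption: whenChanged on this DC approximates the tombstoning time.
            $ageSeconds = [int64]($now - $_.whenChanged).TotalSeconds
            $remaining  = $DsTombstoneIntervalSeconds - $ageSeconds

            [pscustomobject]@{
                Name              = $_.Name
                ObjectGuid        = $_.ObjectGUID
                Partition         = $base
                TombstonedAt      = $_.whenChanged
                AgeDays           = [math]::Round($ageSeconds / 86400, 1)
                SecondsRemaining  = [math]::Max($remaining, 0)
                # Inside the interval a re-registration reuses this object (same GUID);
                # past it, the node is stale and waits for the DNS server's cleanup run.
                State             = if ($remaining -gt 0) { 'Revivable' } else { 'StaleAwaitingCleanup' }
                DistinguishedName = $_.DistinguishedName
            }
        }
    }
}

# Nodes closest to being handed over to normal AD deletion come first.
Get-DnsTombstonedNode |
    Sort-Object SecondsRemaining |
    Format-Table Name, AgeDays, State, Partition -AutoSize

# Same check against the 15-day value (1296000 seconds) from the Branch Office
# Guide scenario: anything listed here would not survive a DC being offline that long.
Get-DnsTombstonedNode -DsTombstoneIntervalSeconds 1296000 |
    Where-Object State -eq 'StaleAwaitingCleanup'
```

Comparing ObjectGuid before and after a host re-registers shows whether the existing node was revived or a new object was created.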