Deleted Objects

It was previously mentioned that deleted objects are handled differently. In a distributed directory such as Active Directory, you can't simply delete an object from one instance of the directory and have it automatically removed everywhere else. The deletion needs something to carry it to the other instances: a tombstone.

Whenever an object is deleted, the absence of the object is not what is replicated. Instead, a tombstone is set, which signifies that the object has been marked for deletion. The tombstone has a default lifetime of 60 days, after which the garbage collection process actually deletes the object from the directory.
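The following added example (a toy model written for this page, not code from the book or from Active Directory) shows why an outright delete cannot replicate while a tombstone can, and when garbage collection removes it. The `Replica` class, the `replicate` and `demo` functions, the object name and the dates are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

TOMBSTONE_LIFETIME = timedelta(days=60)  # default stated in the text

class Replica:
    """Toy directory instance (constructed model): name -> {"deleted_at": datetime or None}."""
    def __init__(self):
        self.objects = {}

    def create(self, name):
        self.objects[name] = {"deleted_at": None}

    def naive_delete(self, name):
        # Removes the entry outright; nothing is left to replicate.
        self.objects.pop(name, None)

    def tombstone_delete(self, name, now):
        # Keeps the entry, marked as deleted, so the deletion itself replicates.
        self.objects[name]["deleted_at"] = now

    def live(self):
        return sorted(n for n, o in self.objects.items() if o["deleted_at"] is None)

    def garbage_collect(self, now):
        # Physically removes tombstones that have reached the tombstone lifetime.
        expired = [n for n, o in self.objects.items()
                   if o["deleted_at"] and now - o["deleted_at"] >= TOMBSTONE_LIFETIME]
        for n in expired:
            del self.objects[n]
        return expired

def replicate(a, b):
    """Two-way sync: copy missing entries; a tombstone wins over a live copy."""
    for src, dst in ((a, b), (b, a)):
        for name, obj in src.objects.items():
            if name not in dst.objects or (obj["deleted_at"] and not dst.objects[name]["deleted_at"]):
                dst.objects[name] = dict(obj)

def demo(use_tombstone):
    t0 = datetime(2024, 1, 1)  # constructed deletion time
    dc1, dc2 = Replica(), Replica()
    dc1.create("cn=alice")     # constructed object name
    replicate(dc1, dc2)
    if use_tombstone:
        dc1.tombstone_delete("cn=alice", t0)
    else:
        dc1.naive_delete("cn=alice")
    replicate(dc1, dc2)
    return dc1, dc2, t0
```

With `demo(False)` the object reappears on the first replica because its partner still holds a live copy; with `demo(True)` both replicas hold the tombstone until `garbage_collect` is called 60 days or more after the deletion.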

Although changing the tombstone lifetime is not recommended, it is possible.

To change the tombstone lifetime, ...
