You want to change the default tombstone lifetime for a domain.
Open ADSI Edit.
In the left pane, expand cn=Configuration cn=Services cn=Windows NT.
Right-click on cn=Directory Service and select Properties.
Set the tombstoneLifetime attribute to the number of days that tombstone objects should remain in Active Directory before getting removed completely (the default is 60 days).
Click OK.
Create an LDIF file called change_tombstone_lifetime.ldf with the following contents:
dn: cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,<ForestRootDN> changetype: modify replace: tombstoneLifetime tombstoneLifetime: <NumberOfDays> -
then run the following command:
> ldifde -v -i -f change_tombstone_lifetime.ldf
' This code modifies the default tombstone lifetime ' ------ SCRIPT CONFIGURATION ------ intTombstoneLifetime = <NumberOfDays> ' ------ END CONFIGURATION --------- set objRootDSE = GetObject("LDAP://RootDSE") set objDSCont = GetObject("LDAP://cn=Directory Service,cn=Windows NT," & _ "cn=Services," & objRootDSE.Get("configurationNamingContext") ) objDSCont.Put "tombstoneLifetime", intTombstoneLifetime objDSCont.SetInfo WScript.Echo "Successfully set the tombstone lifetime to " & _ intTombstoneLifetime
It is not recommended that you change this setting unless you have a very good reason. Lowering this value below the 60-day default, also lowers the length of time a backup of Active Directory is good for. See Introduction in Chapter 16 and Recipe 16.16 for more information on tombstone (deleted) objects and the tombstone lifetime.
Recipe 16.13 for more on the garbage collection process, MS KB 198793 (The Active Directory Database Garbage Collection Process), MS KB 216993 (Backup of the Active Directory Has 60-Day Useful Life), and MS KB 314282 (Lingering Objects May Remain After You Bring an Out-of-Date Global Catalog Server Back Online)