• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1011
  • Last Modified:

RODC tombstone concerns

2 DC's of Win 2008 in main office and 1 RODC in our remote office. The office will be shutdown in the winter for 6 months. Just worried about the tombstone problem, not sure though. Can someone confirm whether the RODC will be moved to tombstone after 6 months? or what else can I do to avoid this tombstone issue?"
  • 2
  • 2
1 Solution
Ram BalachandranCommented:
Default tombstone period for Windows 2008 DCs is 180 Days [ ie almost 6 months]
But you can always modify the tombstone period :

Find tombstonelifetime

dsquery * "cn=directory service,cn=windows nt,cn=services,cn=configuration,dc=<forestDN>" -scope base -attr tombstonelifetime

How to modify tombstone



Coming to your question,

If the DC is not available in the network more than specified by the tombstone lifetime attribute, following Error event may be logged in the Directory Service log:

Event ID: 2042
Source: NTDS Replication
Type: Error
Description: It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.

When this replication does not occur, you may experience an inconsistency in the contents of Active Directory databases on domain controllers in the forest. This inconsistency occurs because knowledge of deletes is persisted for tombstone lifetime number of days. Domain controllers that do not transitively inbound replicate Active Directory change in a rolling tombstone lifetime number of days cause lingering objects. Lingering objects are objects intentionally deleted by an administrator, service or operating system that incorrectly exists on destination DCs that did not perform timely replication.

Hence recommend you to either establish the connection before 6 months, or change the tombstone life period

wmbuchan2013Author Commented:
Thank you so much, perfect.
wmbuchan2013Author Commented:
Perfect, great steps to resolution along with Microsoft's page for reference!
Ram BalachandranCommented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now