Tombstone lifetime and backup confusion


  • Hi All,

    I am reading about AD backups and tombstone values. The numbers (60 days versus 180 days) are all good, but the workflow that would cause problems does not make much sense to me. Although I am unlikely to encounter this issue, as I take daily backups of all DCs (a question on this later), below is my understanding and a workflow that would cause this problem:

    60-day tombstone (the actual number of days doesn't matter as the concept is the same; I believe it's 180 days for 2003 and upwards).

    A backup of the system state was taken 65 days ago.

    Restore this backup onto a DC (let's call this TestDc1) - so now TestDc1 has a tombstoned object, while on TestDc2 (the only other replication partner), the object exists with no knowledge it is to be deleted. Is this correct? Is this the same or very similar to a lingering object situation?

    How would this not be a problem if the backup was taken 59 days ago? Is it because the object would be "marked for deletion" and the other DCs can pick up this status of the object and replicate this, and then delete the object?

    This topic touches on replication, which brings me to another question:

    1) Replication between 2 DCs is on a schedule set in Sites and Services (let's assume 2 DCs in a single-domain forest with no changing of settings). This is 15 minutes or a value like that. However, if I create an object on DC1, it appears on DC2 straight away. Why would this be? Also, even on environments with replication problems, this test works. Would it be a good test for replication to create an object on one DC and test if it appears on the other?

    2) What's the reasoning to back up every DC in a domain rather than just one? I can imagine the fact that FSMO roles are spread across DCs as one, but I saw somewhere a reason being related to tombstone values.


    Monday, July 29, 2013 11:00 PM


All replies