TombstoneLifetime values recommended

    Question

  • Hi community.

    I would like to get your advice/feedback on increasing the Tombstone lifetime value. From a security standpoint, I think there are benefits for:
    - data retention (for certain kinds of objects)
    - forensics and replication metadata analysis

    And cons like:
    - AD db white space / size
    - Backup and Restore

    My customer uses a WS 2012 R2 box with TSL set at 180 days (default value), and the AD Recycle Bin is enabled.
    What do you think if TSL is increased to 365 days?

    Thanks in advance.


    Kévin KISOKA - MCITP Enterprise Messaging Administrator, MCTS Hyper-V Server Virtualization. I do not represent the organisation I work for; all the opinions expressed here are my own. This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Thursday, December 29, 2016 10:56 AM

All replies

  • Hello, thanks for your answer.

    But it does not answer my question, and I already read a lot of topics on TSL before asking the community, so you could guess that I found these posts before posting here.


    Kévin KISOKA

    Thursday, December 29, 2016 2:54 PM
  • Hello Kevin,

    You have already, and perfectly, provided the pros and cons. There are no specific recommendations, and I personally leave the default settings. If the client has specific policies / requirements, then you need to see how to meet their needs knowing the pros and cons you shared.

    From a security perspective (and I am a security guy), the most important thing for me is to keep track of changes. For this, I usually provide PowerShell scripts for operations so that any changes will result in an e-mail notification, and I use third-party tools to keep track of changes and archive them for any needed investigation. Usually, when objects are removed accidentally or require a restore, the complaints or the request would come in a few days / weeks.


    This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Ahmed MALEK

    Friday, December 30, 2016 1:21 AM
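
To make the trade-off discussed above measurable before changing anything, the following added example (not code from any poster in this thread) reads the forest's effective tombstone and deleted-object lifetimes and lists how long each deleted object still has before it leaves the forensic/restore window. It assumes the ActiveDirectory RSAT module and read access to the Deleted Objects container, and it uses `whenChanged` on the queried DC as an approximation of when an object entered its current state.

```powershell
# Added example: report effective TSL / deleted-object lifetime and the
# remaining retention of every deleted object. Read-only; changes nothing.
Import-Module ActiveDirectory

$root = Get-ADRootDSE
$dsDn = "CN=Directory Service,CN=Windows NT,CN=Services,$($root.configurationNamingContext)"
$ds   = Get-ADObject -Identity $dsDn -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'

# An unset tombstoneLifetime means the legacy built-in default of 60 days.
$tsl = if ($null -ne $ds.tombstoneLifetime) { [int]$ds.tombstoneLifetime } else { 60 }
# An unset msDS-DeletedObjectLifetime follows tombstoneLifetime.
$dol = if ($null -ne $ds.'msDS-DeletedObjectLifetime') { [int]$ds.'msDS-DeletedObjectLifetime' } else { $tsl }

# The Recycle Bin is enabled when the optional feature has at least one enabled scope.
$rb = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
$recycleBinOn = [bool]($rb -and $rb.EnabledScopes.Count -gt 0)

"Tombstone lifetime (days)     : $tsl"
"Deleted object lifetime (days): $dol"
"Recycle Bin enabled           : $recycleBinOn"

$now = Get-Date
Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects `
             -Properties whenChanged, isRecycled, lastKnownParent |
    Where-Object { $_.DistinguishedName -notlike 'CN=Deleted Objects,*' } |
    ForEach-Object {
        $recycled = [bool]$_.isRecycled
        # With the Recycle Bin, restorable "deleted" objects live for the
        # deleted-object lifetime, then stay "recycled" for the tombstone lifetime.
        # Without it, every deleted object is a tombstone governed by TSL.
        $lifetime = if ($recycleBinOn -and -not $recycled) { $dol } else { $tsl }
        $age = [math]::Floor(($now - $_.whenChanged).TotalDays)
        [pscustomobject]@{
            Name            = ($_.Name -split "`n")[0]   # strip the DEL:<guid> suffix
            ObjectClass     = $_.ObjectClass
            State           = if ($recycled) { 'Recycled' } else { 'Deleted' }
            LastKnownParent = $_.lastKnownParent
            AgeDays         = $age
            DaysLeft        = $lifetime - $age
        }
    } |
    Sort-Object DaysLeft |
    Format-Table -AutoSize
```

Comparing the reported lifetime with the age of the oldest backup you still intend to restore from shows directly how a longer TSL interacts with the "Backup and Restore" point raised in the question.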
  • Hi Alex, great, thanks. Yes, ITS asks for a 365-day timespan for reporting purposes.

    Kévin KISOKA

    Friday, December 30, 2016 5:42 PM
  • Hi,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Alvin Wang

    Monday, January 9, 2017 2:49 AM
    Moderator