
Avoiding Active Directory Tombstone Issues

What is a Tombstone?

A tombstone is an object deleted from the directory, but not yet removed from the database. They are removed (physically deleted) by the garbage collection process once they are older than the tombstone lifetime.

Default Tombstone Lifetime

The tombstone lifetime is determined by the value of the tombstoneLifetime attribute on the Directory Service object in the configuration directory partition. Its default value depends on the server OS version of the first DC in the forest and is either 60 or 180 days. For domain controllers upgraded to Windows Server 2008 that use a tombstone lifetime of 60 days, Microsoft recommends manually setting the value to 180 days. One of the benefits this provides is an increase in the useful life of backups.

Tombstone Issues

Restoring an Active Directory Domain Controller backup that has exceeded the tombstone lifetime can cause numerous problems. The severity of these problems depends on the particular configuration of the forest as well as the Windows Server version being used. Typical problems include:

  • Lingering objects
  • Permanent inconsistencies between the restored DC and its replication partners
  • The server is blocked from replication

These types of problems can be time-consuming to find and fix, especially on older server versions, which log no event for the condition because no errors are raised.

Backup Recommendations

Since the useful life of a domain controller backup is the same as the tombstone lifetime, it's necessary to create at least one backup within that time period (a minimum of two is recommended). For production environments, it's recommended to create system state backups of at least two different domain controllers each day.

Even though Microsoft doesn't support imaging as a backup and recovery method for Active Directory Domain Controllers, when done correctly, imaging can be successfully used on its own or along with system-state backups. As with a standard system-state-only backup configuration, failing to perform the backup or restore correctly may result in undesirable issues (such as USN rollback).

Regardless of the backup and restore methods used, the restore must be from a backup created within the tombstone lifetime to be considered valid. A backup that is older than the tombstone lifetime set in Active Directory is not a good backup.
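The following PowerShell is an added example, not code from the original article or from Microsoft. It reads the forest's effective tombstoneLifetime from the Directory Service object in the configuration partition described above, then applies the rule from this section: a backup is only restorable while it is younger than that lifetime. It assumes the ActiveDirectory RSAT module and a reachable domain controller; the function names and the sample backup dates are the author's own constructions.

```powershell
# Added example (not from the original article): read the forest's effective
# tombstone lifetime and check whether a given backup is still restorable.
# Requires the ActiveDirectory PowerShell module (RSAT) and a reachable DC.
Import-Module ActiveDirectory

function Get-TombstoneLifetimeDays {
    # The attribute lives on the Directory Service object in the configuration
    # naming context. When it has never been set, the effective value is 60 days.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                             -Properties tombstoneLifetime
    if ($null -eq $dsObject.tombstoneLifetime) { return 60 }
    return [int]$dsObject.tombstoneLifetime
}

function Test-BackupWithinTombstoneLifetime {
    # Hypothetical helper: compares a backup's age against the tombstone lifetime.
    param(
        [Parameter(Mandatory)][datetime]$BackupDate,
        [int]$TombstoneLifetimeDays = (Get-TombstoneLifetimeDays)
    )
    $ageDays = ((Get-Date) - $BackupDate).TotalDays
    [pscustomobject]@{
        BackupDate            = $BackupDate
        AgeDays               = [math]::Round($ageDays, 1)
        TombstoneLifetimeDays = $TombstoneLifetimeDays
        Restorable            = ($ageDays -lt $TombstoneLifetimeDays)
    }
}

# Usage: evaluate each system state backup date you have on hand.
# The three dates below are constructed sample values, not real backup records.
$ttl = Get-TombstoneLifetimeDays
Write-Host "Effective tombstone lifetime: $ttl days"
@((Get-Date).AddDays(-3), (Get-Date).AddDays(-75), (Get-Date).AddDays(-200)) |
    ForEach-Object { Test-BackupWithinTombstoneLifetime -BackupDate $_ -TombstoneLifetimeDays $ttl } |
    Format-Table -AutoSize

# To raise a 60-day forest to the 180 days Microsoft recommends (Enterprise Admins
# rights required), the same object is updated in place:
# Set-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$((Get-ADRootDSE).configurationNamingContext)" `
#              -Replace @{ tombstoneLifetime = 180 }
```

With a 60-day forest, the 75- and 200-day-old sample backups report Restorable as False; with the recommended 180-day value only the 200-day-old one does, which is the longer useful backup life the article refers to. Running this check before any restore is a cheap way to avoid the lingering-object and replication problems listed above.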

Please reference the following Microsoft KB articles for more details:

Useful shelf life of a system-state backup of Active Directory

Determine the tombstone lifetime for the forest
