Here is what you need to know:
If the value of tombstonelifetime = null/not set —— it ALWAYS equals 60 days. *this is very confusing because there are MICROSOFT articles that say otherwise but they are WRONG. (see joeware blog post below). I have also confirmed in our environment.
To determine the tombstone lifetime for the forest using ADSIEdit
- Click Start, point to Administrative Tools, and then click ADSI Edit.
- In ADSI Edit, right-click ADSI Edit, and then click Connect to.
- For Connection Point, click Select a well known Naming Context, and then click Configuration.
- If you want to connect to a different domain controller, for Computer, click Select or type a domain or server: (Server | Domain [:port]). Provide the server name or the domain name and Lightweight Directory Access Protocol (LDAP) port (389), and then click OK.
- Double-click Configuration, CN=Configuration,DC=ForestRootDomainName, CN=Services, and CN=Windows NT.
- Right-click CN=Directory Service, and then click Properties.
- In the Attribute column, click tombstoneLifetime.
The ‘default’ value will change based on the OS of the first DC installed in the domain:
- Windows 2000 (all SPs) = 60 days
- Windows Server 2003 without SP = 60 days
- Windows Server 2003 with SP1 = 180 days
- Windows Server 2003 R2 with SP1 installed with both R2 discs = 60 days
- Windows Server 2003 R2 with SP1 installed only with the first R2 Disc = 180
- daysWindows Server 2003 with SP2 = 180 days
- Windows Server 2003 R2 with SP2 = 180 days
- Windows Server 2008 = 180 days
- Windows Server 2008 R2 = 180 days