| |
GeekInterview.com > Interview Questions > Networking > Client/Server Computing
| Print | |
Question: Tombstone Object
Answer: What is tombstone object in Windows Server 2003 Active Directory, How can we recover a deleted item using Tombstone? |
| December 12, 2008 06:23:41 |
#1 |
| drum4ravi |
Member Since: December 2008 Total Comments: 3 |
RE: Tombstone Object
|
When Active Directory deletes an object from the directory, it does not physically remove the object from the database. Instead, Active Directory marks the object as deleted by setting the object's is Deleted attribute to TRUE, stripping most of the attributes from the object, renaming the object, and then moving the object to a special container in the object's naming context (NC) named CN=Deleted Objects. The object, now called a tombstone, is invisible to normal directory operations. It does not show up in any Microsoft Management Console (MMC) snap-ins, and most Lightweight Directory Access Protocol (LDAP) utilities are blissfully unaware of the tombstone's existence. The tombstone is, for all intents and purposes, gone. The data, however, is still there—it's just invisible. So why does Active Directory keep tombstones, otherwise deleted objects, in the database?
While invisible to other processes, a tombstone is visible to the Active Directory replication process. In order to make sure the deletion is performed on all the DCs that host the object being deleted, Active Directory replicates the tombstone to the other DCs. Thus the tombstone is used to replicate the deletion throughout the Active Directory environment.
|
| |
Back To Question | |
