Author: Marcelo Vighi. Published: 04-May-2011. This tutorial applies to: Active Directory.
Overview
In this tutorial we show how you can manage the AD attributes responsible for the deleted object lifetime and the tombstone lifetime, so as to adjust how long deleted objects remain available for restoration through the Recycle Bin feature of Windows Server 2008 R2. The tombstone lifetime and the deleted object lifetime are determined by the tombstoneLifetime and msDS-deletedObjectLifetime attributes, respectively. When tombstoneLifetime is set to NULL, it takes the default value of 180 days. By default msDS-deletedObjectLifetime is NULL, and while it is NULL it uses the value configured in tombstoneLifetime. If you want your deleted objects to be restorable for longer than the default 180 days, you can increase only tombstoneLifetime and leave msDS-deletedObjectLifetime at its default (NULL). However, I think it is good practice to set both attributes to the same value.
By default, the Active Directory tombstone lifetime is sixty days. This value can be changed if necessary. To change this value, the tombstoneLifetime attribute of the CN=Directory Service object in the configuration partition must be modified. This object is located here:
cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=
Note: Longer tombstone lifetime decreases the chance that a deleted object remains in the local directory of a disconnected DC beyond the time when the object is permanently deleted from online DCs. The tombstone lifetime is not changed automatically when you upgrade to Windows Server 2003 with SP1, but you can change the tombstone lifetime manually after the upgrade. New forests that are installed with Windows Server 2003 with SP1 have a default tombstone lifetime of 180 days. You can check your tombstone lifetime attribute by using the following command:
dsquery * "cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=" -scope base -attr tombstonelifetime
There are several ways of modifying this attribute's value; the easiest is to use ADSIEdit.
2. Navigate to:
cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=
Where "ForestRootDN" is the Distinguished Name of your Active Directory Forest Root domain. For example, if your domain's name is kuku.co.il, then the DN for it would be:
DC=kuku,DC=co,DC=il
4. In the resultant properties dialog, scroll down to tombstoneLifetime, select this attribute and choose Edit.
6. Click OK and then close ADSIEdit. When you view properties on cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=, if no value is set it means that the default value is in effect. Any value that you type in the Edit Attribute box replaces the default value when you click Set. The default value for these two attributes applies if the attribute is not set (the initial state of the system).
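The same check and change done from PowerShell instead of ADSIEdit, as an added example that is not part of the original tutorial. It assumes the ActiveDirectory module and PowerShell 3.0 or later, takes the 180-day fallback for an unset tombstoneLifetime from the overview, and uses a hypothetical target of 365 days; Resolve-Lifetime and Set-BothLifetimes are illustrative names.

```powershell
# Added example (not from the original tutorial). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Assumption: fallback for an unset tombstoneLifetime, taken from the overview (180 days).
$UnsetTombstoneDays = 180

# Build the DN of the Directory Service object from the forest's configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsDN     = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"

function Resolve-Lifetime {
    # Apply the fallback chain: msDS-deletedObjectLifetime -> tombstoneLifetime -> default.
    param($Tombstone, $DeletedObject, [int]$Default)
    $tsl = if ($null -ne $Tombstone)     { [int]$Tombstone }     else { $Default }
    $dol = if ($null -ne $DeletedObject) { [int]$DeletedObject } else { $tsl }
    [pscustomobject]@{
        TombstoneLifetimeDays     = $tsl
        TombstoneExplicit         = ($null -ne $Tombstone)
        DeletedObjectLifetimeDays = $dol
        DeletedObjectExplicit     = ($null -ne $DeletedObject)
        ValuesMatch               = ($tsl -eq $dol)
    }
}

function Set-BothLifetimes {
    # Write the same value to both attributes, as the overview recommends.
    param(
        [Parameter(Mandatory = $true)][ValidateRange(1, 36500)][int]$Days,
        [switch]$Apply
    )
    $values = @{ tombstoneLifetime = $Days; 'msDS-DeletedObjectLifetime' = $Days }
    # Without -Apply this is a dry run: -WhatIf prints the change and writes nothing.
    Set-ADObject -Identity $dsDN -Partition $configNC -Replace $values -WhatIf:(-not $Apply)
}

# Read both attributes; an attribute that is not set comes back as $null.
$ds = Get-ADObject -Identity $dsDN -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'
$report = Resolve-Lifetime -Tombstone $ds.tombstoneLifetime `
    -DeletedObject $ds.'msDS-DeletedObjectLifetime' -Default $UnsetTombstoneDays
$report | Format-List

# Hypothetical target of 365 days; add -Apply to actually write the change.
Set-BothLifetimes -Days 365
```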