Hi, I am a complete newbie to computing and software, and I have been playing around with the working and architecture of Windows OS. However, the concept of Active Directory(AD) and “tombstones” puzzles me. What does a tombstone in Active Directory mean?
Hey there! You might already know that the Active Directory consists of objects. For example, a user account that you have added is an object. Well, a tombstone in active directory basically refers to a container object comprising of all the deleted objects from the Active Directory.
That is, when you delete an object from the Active Directory (a user, for instance), it is not deleted from the database. The object physically lives in the database for a particular extent of time known as the Tombstone Lifetime. Once this period ends, the isDeleted attribute of the object is set to “true,” resulting in the physical deletion of the object from the database.
