DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 198793 - Last Review: February 22, 2007 - Revision: 3.4

This article was previously published under Q198793

On This Page

SUMMARY

In Microsoft Windows 2000 and in Microsoft Windows Server 2003, the Active Directory database incorporates a garbage collection process that runs independently on each domain controller in the enterprise.

MORE INFORMATION

Garbage collection is a housekeeping process that is designed to free space within the Active Directory database. In Windows 2000 and in the original release version of Windows Server 2003, this process runs on every domain controller in the enterprise with a default lifetime interval of 12 hours. You can change this interval by modifying the garbageCollPeriod attribute in the enterprise-wide DS configuration object (NTDS).

The path of the object in the Contoso.com domain would resemble the following:
CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=CONTOSO,DC=COM
Use an Active Directory editing tool to set the garbageCollPeriod attribute. Supported tools include Adsiedit.msc, Ldp.exe, and Active Directory Service Interfaces (ADSI) scripts.

When an object is deleted, it is not removed from the Active Directory database. Instead, the object is instead marked for deletion at a later date. This mark is then replicated to other domain controllers. Therefore, the garbage collection process starts by removing the remains of previously deleted objects from the database. These objects are known as tombstones. Next, the garbage collection process deletes unnecessary log files. Finally, the process starts a defragmentation thread to claim additional free space.

In addition, there are two methods to defragment the Active Directory database in Windows 2000 and in Windows Server 2003. One method is an online defragmentation operation that runs as part of the garbage collection process. The advantage of this method is that the server does not have to be taken offline for the operation to run. However, this method does not reduce the size of the Active Directory database file (Ntds.dit). The other method takes the server offline and defragments the database by using the Ntdsutil.exe utility. This approach requires that the database to start in repair mode. The advantage of this method is that the database is resized and unused space is removed. Therefore, and the size of the Ntds.dit file is reduced. To use this method, the domain controller must be taken offline.

Changes to tombstone lifetime in Windows Server 2003 Service Pack 1

The default tombstone lifetime (TSL) in Windows Server 2003 has proven to be too short. For example, a prestaged domain controller may be in transit for longer than 60 days. An administrator may not resolve a replication failure or bring an offline domain controller into operation until the TSL is exceeded. Windows Server 2003 Service Pack 1 (SP1) increases the TSL from 60 to 180 days in the following scenarios:
  • A Windows NT 4.0 domain controller is upgraded to Windows Server 2003 by using Windows Server 2003 SP1 installation media to create a new forest.
  • A Windows Server 2003 SP1 computer creates a new forest.
Windows Server 2003 SP1 does not modify the value of TSL when either of the following conditions is true:
  • A Windows 2000 domain is upgraded to Windows Server 2003 by using installation media for Windows Server 2003 with SP1.
  • Windows Server 2003 SP1 is installed on a domain controller that is running the original release version of Windows Server 2003.
Increasing the TSL for a domain to 180 days has the following benefits:
  • Backups that are used in data recovery scenarios have a longer useful life.
  • System state backups that are used for installation from media promotions have a longer useful life.
  • Domain controllers can be offline longer. Prestaged computers approach TSL expiration less frequently.
  • A domain controller can successfully return to the domain after a longer time offline.
  • Knowledge of deleted objects is retained longer on the originating domain controller.

APPLIES TO
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
Keywords: 
kbenv kbinfo KB198793
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support