|
|||
|
|
|
| Home |
| About |
| Hobbies |
| Software |
| Hardware |
| ICT Hotlist |
| Purpose |
webhalla
#EDPS opens investigations following the “#Schrems II” Judgement regarding the use of cloud services provided by #Amazon Web Services #aws and #Microsoft and one regarding the use of Microsoft #Office365 by the European Commission #gdpr #privacy #cloudact https://t.co/BJP48W6WtV https://t.co/fJA1stx7oy
28 May 2021
Dutch #supervisoryAuthority first fine for a #Municipality. #Enschede city fined € 600.000 for #wifitracking visitors of shopping centre for toooooo long. @toezicht_AP #GDPR #privacy #fines https://t.co/CjCPwqgUpo https://t.co/vSkoTAkoVE
29 Apr 2021
#Belgian #DPA releases data ‘#sanitisation,’ #destruction recommendations Document helps #controllers, #processors, #information #security advisers, #DPO choose and integrate an appropriate sanitization technique to comply with #EU #GDPR @PrivacyPros https://t.co/4XcVe10amO https://t.co/ctr2h0TSRV
27 Apr 2021
#EuropeanCommission published proposals for the #regulation of #ArtificialIntelligence #AI Fines of up to 6% of global turnover, rules and prohibitions governing high-risk AI systems. How will it impact developers and utilizers of #AI-systems? https://t.co/1i75hPdJs8 #privacy https://t.co/KFnO21zMKL
23 Apr 2021
#EDPB , Andrea Jelinek said: "..the EDPB recognises that the #UK has mirrored, for the most part, the #GDPR and #LED in its data protection framework and when analysing its law and practice, the EDPB identified many aspects to be essentially equivalent..” https://t.co/QDdLz9Gnmt https://t.co/rQvm4krEXT
19 Apr 2021
ICT-Hotlist Topic
Back to the ICT-Hotlist...
Don't miss latest updates 
@WebHallaHow to determine Active Directory Tombstone Lifetime
Microsoft Active Directory is a multi-master database replicated among multiple Domain Controllers. To make sure that objects are fully replicated before any deletions are processed (purged), objects are marked for deletion (soft delete).The Active Directory Tombstone Lifetime determines how long deleted items exist in the Active Directory before they are purged. The default value was originally 60 days, but this was increased to 180 days starting with new Active Directory forests created with Windows 2003 SP1 or newer. This also has consequences for Domain Controllers down time. A Domain Controller that is off-line for longer than the Active Directory Tombstone Lifetime should not be brought on-line.
How to determine Active Directory Tombstone Lifetime value?
This topic will show you two ways:- Using AdsiEdit
- Using PowerShell 2.0 or newer
Determining Active Directory Tombstone Lifetime value using AdsiEdit
- Start AdsiEdit
- Navigate to Configuration [<FQDN server>] | CN=Services | CN=Windows NT | CN=Directory Service
Example: CN=Configuration,DC=NLAALDC1,DC=local | CN=Services | CN=Windows NT | CN=Directory Service - Right click and select Properties
- Select tombstoneLifetime
- When the value is not set, the tombstone lifetime setting is set to 60 days (default for AD forests installed with Windows 2003 or older).
Determining Active Directory Tombstone Lifetime value using PowerShell 2.0 or newer
###############################################################################################
# This PowerShell script determines the Active Directory Tombstone Lifetime Setting
#
# System requirements: - Run this script on a Domain Controller (AD DS/LDS role) or (preferred)
# Windows workstation with RSAT
# - PowerShell 2.0 or newer
# (C)Copyrights 2016 - 2021 vanSoest.it by J.P.G. van Soest
###############################################################################################
# Load the Active Directory PowerShell module.
Import-Module ActiveDirectory
# Clear the screen so the data is nicely presented.
cls
Write-Output "This PowerShell script determines the Active Directory Tombstone Lifetime Setting" # Connect to the Active directory Configuration Partition $ADForestconfigurationNamingContext = (Get-ADRootDSE).configurationNamingContext
$DirectoryServicesConfigPartition = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$ADForestconfigurationNamingContext" -Partition $ADForestconfigurationNamingContext -Properties *
# Extract the correct values $TombstoneLifetime = $DirectoryServicesConfigPartition.tombstoneLifetime $ADCreated = $DirectoryServicesConfigPartition.Created # if no value exists, it is an Active Directory created with Windows 2003 or older. Default is 60 days. if (!$TombstoneLifetime){ $TombstoneLifetime = 60 } # Format output Write-Output "Active Directory is created at $ADCreated and it's Tombstone Lifetime is set to $TombstoneLifetime days."
This script requires an installed PowerShell Active Directory module. The PowerShell AD module is installed:
# This PowerShell script determines the Active Directory Tombstone Lifetime Setting
#
# System requirements: - Run this script on a Domain Controller (AD DS/LDS role) or (preferred)
# Windows workstation with RSAT
# - PowerShell 2.0 or newer
# (C)Copyrights 2016 - 2021 vanSoest.it by J.P.G. van Soest
###############################################################################################
# Load the Active Directory PowerShell module.
Import-Module ActiveDirectory
# Clear the screen so the data is nicely presented.
cls
Write-Output "This PowerShell script determines the Active Directory Tombstone Lifetime Setting" # Connect to the Active directory Configuration Partition $ADForestconfigurationNamingContext = (Get-ADRootDSE).configurationNamingContext
$DirectoryServicesConfigPartition = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$ADForestconfigurationNamingContext" -Partition $ADForestconfigurationNamingContext -Properties *
# Extract the correct values $TombstoneLifetime = $DirectoryServicesConfigPartition.tombstoneLifetime $ADCreated = $DirectoryServicesConfigPartition.Created # if no value exists, it is an Active Directory created with Windows 2003 or older. Default is 60 days. if (!$TombstoneLifetime){ $TombstoneLifetime = 60 } # Format output Write-Output "Active Directory is created at $ADCreated and it's Tombstone Lifetime is set to $TombstoneLifetime days."
- by default, on a Windows Server 2008 R2, 2012 R2 or newer when you install the AD DS or AD LDS server roles
- by default, when you make a Windows Server 2008 R2 or newer a domain controller by running Dcpromo.exe
- as part of the Remote Server Administration Tools (RSAT) feature on a Windows Server 2008 R2 server
- as part of the RSAT feature on a Windows 7, 8.1 or 10 computer
Using this script on a Windows 7, 8.1 or 10 desktop?
You may need to load the Active Directory module by configuring RSAT. Read more about installing and configuring RSAT here
You may vote your opinion about this article:
Scripts and programming examples disclaimer
Unless stated otherwise, the script sources and programming examples provided are copyrighted freeware. You may modify them, as long as a reference to the original code and hyperlink to the source page is included in the modified code and documentation. However, it is not allowed to publish (copies of) scripts and programming examples on your own site, blog, vlog, or distribute them on paper or any other medium, without prior written consent.Many of the techniques used in these scripts, including but not limited to modifying the registry or system files and settings, impose a risk of rendering the Operating System inoperable and loss of data. Make sure you have verified full backups and the associated restore software available before running any script or programming example. Use these scripts and programming examples entirely at your own risk. All liability claims against the author in relation to material or non-material losses caused by the use, misuse or non-use of the information provided, or the use of incorrect or incomplete information, are excluded. All content is subject to change and provided without obligation.
