Hmm - what would be the reason why you'd want to purge a
single deleted object (tombstone) from your AD? What secret information
does the tombstone contain that you don't wish to remain in it? Realize
that there are hardly any attributes that remain in the tombstone by default,
unless you've changed the searchflags of your attributes to include
more.
E.g. by default, only the following attributes are kept in
a user account's tombstone from the searchflags:
Instance-Type
Legacy-Exchange-DN
NT-Security-Descriptor
Object-Class
Object-Guid
Object-Sid
Repl-Property-Meta-Data
SAM-Account-Name
System-Flags
uid
User-Account-Control
USN-Changed
USN-Created
Note that a few other attributes are hardcoded in
AD to remain in the tombstone. If these really contain anything critical
you'd want to get rid of (maybe in the name attribute etc.), you'd have the
option to reanimate the tombstone (undelete) and then edit it appropriately, and
delete it again :-). I'm actually unsure if the system allows you to edit
the object in the deleted items container directly - might be worth a
try.
/Guido
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner
Sent: Monday, May 22, 2006 14:34
To: [email protected]
Subject: RE: [ActiveDir] Delete only one object in the Tombstone.
Hello Tiroa,
it is not possible to purge Tombstones, no matter if one or all. For all you'd be able to
modify tombstone lifetime and the system time, however I strongly doubt this
would be supported by MS (tombstone-lifetime is supported, modifying systemtime
to enforce garbage collection of tombstones most likely not).
Gruesse - Sincerely,
Ulf B. Simon-Weidner
Profile & Publications: http://mvp.support.microsoft.com/profile=
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Monday, May 22, 2006 10:59 AM
To: [email protected]
Subject: [ActiveDir] Delete only one object in the Tombstone.
Hello,
I'd like to know if it is possible to delete *only one* object in the tombstone instead of purging all the objects ?
Thanks,
Yann
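
Added example, not part of the original thread: one way to check what the first reply describes, i.e. which schema attributes are flagged through searchFlags to survive into a tombstone, and what a given tombstone actually still holds. It assumes the ActiveDirectory PowerShell module and read access to the schema and deleted objects; the 0x8 searchFlags bit is the preserve-on-delete flag, and the account name is a hypothetical placeholder.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) and rights to read
# the schema and the deleted objects in the domain.
Import-Module ActiveDirectory

$rootDse = Get-ADRootDSE
$preserveOnDelete = 0x8   # searchFlags bit: keep the attribute in the tombstone

# 1. Schema attributes whose searchFlags carry the preserve-on-delete bit.
#    1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
$filter = "(&(objectClass=attributeSchema)" +
          "(searchFlags:1.2.840.113556.1.4.803:=$preserveOnDelete))"
$preserved = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
    -LDAPFilter $filter -Properties lDAPDisplayName, searchFlags |
    Sort-Object lDAPDisplayName
$preserved | Format-Table lDAPDisplayName, searchFlags -AutoSize

# 2. Attributes actually present on one tombstone.
$sam = 'jdoe-example'   # hypothetical account name, replace with your own
$tombstones = Get-ADObject -IncludeDeletedObjects -Properties * `
    -LDAPFilter "(&(isDeleted=TRUE)(sAMAccountName=$sam))"

foreach ($t in $tombstones) {
    "Tombstone: $($t.DistinguishedName)"
    foreach ($name in ($t.PropertyNames | Sort-Object)) {
        [pscustomobject]@{
            Attribute       = $name
            # False = not flagged in the schema: kept regardless of
            # searchFlags, or a property computed by the cmdlet itself.
            FlaggedInSchema = $preserved.lDAPDisplayName -contains $name
            Value           = "$($t.$name)"
        }
    }
}
```

Any attribute in the second listing whose value you would not want retained for the tombstone lifetime is a candidate for review of its searchFlags setting.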
