Unless you have intervened by setting TSL manually, the answer depends on how 
your AD was installed/upgraded. In 2K it was 60 days. In 2003 SP1 and beyond, 
default TSL is intended to be 180 days but a bug in R2 didn't increase it. That 
was first rectified in SP2 IIRC.

It's best to just check the attribute "tombstoneLifetime" on the object 
"CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=<tld>"

It will be either <not set> which = 60 or 180 unless it was manually set. 

If it isn't at 180 most people I know set it there because "that's what it's 
supposed to be now" and it increases-

* The useful life of backups that are used for data recovery scenarios. 
* The useful life of system state backups that are used for promotions using 
the Install from Media feature. 
* The time that domain controllers can be offline. In your case the  "in the 
crate time" :-) 
* The time that a domain controller may be offline and still return to the 
domain successfully. 
* The time that a domain controller may experience a replication failure and 
still return to the domain successfully. 
* The number of days that the originating domain controller retains knowledge 
of deleted objects. 

See-

joeware - » Blog Archive » R2 tombstoneLifetime boo boo  
http://blog.joeware.net/2006/07/23/484/
Tombstone Lifetime within an AD forest when installing the FIRST DC 
http://blogs.dirteam.com/blogs/jorge/archive/2006/07/23/1233.aspx
Useful shelf life of a system-state backup of Active Directory 
http://support.microsoft.com/kb/216993
The default tombstone lifetime (TSL) value remains at 60 days instead of 
increasing to 180 days in Windows Server 2003 R2 
http://support.microsoft.com/kb/924890



From: Martin Blackstone [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 12, 2008 3:37 PM
To: NT System Admin Issues
Subject: DC Offline

I know we have discussed this before, but I probably didn't pay attention and 
now I need to know.
How long can a DC remain offline before it goes sour? I have a need to build a 
small network then ship it off somewhere. It may end up staying in the crate 
for a few days as well, so let's say it could be off for a week.
It would be a standalone domain and this would be the only DC for it.
It's demo stuff....
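
The check recommended in the reply above, as an added PowerShell example that is not part of the original thread: it reads tombstoneLifetime from the Directory Service object, applies the 60-day default when the attribute is not set, and compares the result with a planned offline window and with the age of each inbound replication link. It assumes the ActiveDirectory RSAT module is installed; $PlannedOfflineDays and the half-TSL warning threshold are illustrative assumptions.

```powershell
# Added example (not from the thread). Assumes the ActiveDirectory RSAT module
# and read access to the configuration partition. $PlannedOfflineDays is a
# hypothetical input: how long a DC is expected to stay powered off.
param([int]$PlannedOfflineDays = 7)

Import-Module ActiveDirectory

# Read tombstoneLifetime from the Directory Service object named in the thread.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsDN     = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
$dsObject = Get-ADObject -Identity $dsDN -Properties tombstoneLifetime

# <not set> means the 60-day default applies, as the reply states.
if ($null -eq $dsObject.tombstoneLifetime) {
    $tslDays = 60
    $source  = '<not set>, default applies'
} else {
    $tslDays = [int]$dsObject.tombstoneLifetime
    $source  = 'set explicitly'
}
"Effective TSL: $tslDays days ($source)"

# Compare the planned offline window with the TSL.
if ($PlannedOfflineDays -ge $tslDays) {
    Write-Warning "Planned $PlannedOfflineDays days offline reaches the TSL of $tslDays days."
} else {
    "Planned $PlannedOfflineDays days offline leaves $($tslDays - $PlannedOfflineDays) days of margin."
}

# Multi-DC domains only: age of the last successful inbound replication per
# partner link. WARN at half the TSL is an arbitrary threshold for this example.
$now = Get-Date
Get-ADReplicationPartnerMetadata -Target (Get-ADDomain).DNSRoot -Scope Domain |
    ForEach-Object {
        if ($null -eq $_.LastReplicationSuccess) {
            $ageDays = $null
            $status  = 'NEVER'
        } else {
            $ageDays = [math]::Round(($now - $_.LastReplicationSuccess).TotalDays, 1)
            $status  = if ($ageDays -ge $tslDays) { 'PAST TSL' } elseif ($ageDays -ge $tslDays / 2) { 'WARN' } else { 'OK' }
        }
        [pscustomobject]@{
            Server = $_.Server; Partner = $_.Partner; Partition = $_.Partition
            AgeDays = $ageDays; Status = $status
        }
    } | Sort-Object AgeDays -Descending | Format-Table -AutoSize
```

On a single-DC domain such as the one in the question, the replication query returns no rows and only the TSL lines are printed.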


 
 
