Active Directory preserved attributes in TombStone

Posted on by

Hello,

When an Active Directory object is deleted, by default, the object goes in “TombStone” for 180 days. It looses a lot of its data, only a subset of attributes are preserved, you can find them with that PowerShell example :

#Preserved Attributes in TombStone
$dse = [adsi]“LDAP://RootDSE”
$SchemaPart=$dse.schemaNamingContext
$TombStoneAttSearcher=[ADSISearcher]"(searchFlags:1.2.840.113556.1.4.803:=8)"
$TombStoneAttSearcher.SearchRoot=[adsi]"LDAP://$SchemaPart"
$TombStoneAttSearcher.FindAll() | Select-Object -ExpandProperty Path | % {($_ -split ",")[0]} | % {($_ -split "=")[1]} | Sort-Object

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.