惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

有赞技术团队
有赞技术团队
MyScale Blog
MyScale Blog
The Hacker News
The Hacker News
Google DeepMind News
Google DeepMind News
The Cloudflare Blog
GbyAI
GbyAI
Vercel News
Vercel News
量子位
Apple Machine Learning Research
Apple Machine Learning Research
Recent Announcements
Recent Announcements
美团技术团队
D
DataBreaches.Net
H
Help Net Security
大猫的无限游戏
大猫的无限游戏
人人都是产品经理
人人都是产品经理
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
B
Blog RSS Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Y
Y Combinator Blog
S
Secure Thoughts
S
SegmentFault 最新的问题
The Last Watchdog
The Last Watchdog
Jina AI
Jina AI
Security Archives - TechRepublic
Security Archives - TechRepublic
F
Fortinet All Blogs
C
Check Point Blog
小众软件
小众软件
阮一峰的网络日志
阮一峰的网络日志
Schneier on Security
Schneier on Security
MongoDB | Blog
MongoDB | Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Stack Overflow Blog
Stack Overflow Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Hacker News: Ask HN
Hacker News: Ask HN
博客园 - 【当耐特】
Simon Willison's Weblog
Simon Willison's Weblog
Scott Helme
Scott Helme
S
Security @ Cisco Blogs
SecWiki News
SecWiki News
Hugging Face - Blog
Hugging Face - Blog
博客园 - 叶小钗
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Google Online Security Blog
Google Online Security Blog
S
Securelist
L
LINUX DO - 最新话题
Forbes - Security
Forbes - Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
I
InfoQ
Engineering at Meta
Engineering at Meta

博客园 - enjoy .net

visual basic video series:Forms over data 无功倒送问题 变压器高低压侧的电流计算 爬电、爬距(泄漏距离)、爬电比距 使用BackgroundWorker进行Thread编程 VS2005的初体验 地板选购指南 IT服务管理时代已经到来 IT服务管理的效果分析 How to use the Install from Media feature to promote Windows Server 2003-based domain controllers 70-294读书笔记 TechED上海 Windows 2003故障恢复 几乎没有管理的国企! ASP.Net 2.0中的Membership,Role和Profile 关于ASP.Net 2.0中的Theme ntdsutil的功能 体验了一次DNS的动态更新功能 Flexible Single Master Operations (FSMO)
术语: Tombstone/Tombstone Lifetime
enjoy .net · 2005-09-15 · via 博客园 - enjoy .net

Tombstones are markers that indicate that an object has been deleted.
Rather than immediately physically deleting a designated object, the database removes most of its attributes, moves it to the Deleted Objects folder, and then marks the object as being tombstoned.

为什么要Tombstoning?

The purpose of tombstoning is to allow the change to be replicated to all domain controllers. The tombstone lifetime interval can be changed by using the ADSI Edit tool

Tombstone lifetime
is a delay between the time an object is marked with the originating delete and the time it is physically removed from the database.

You cannot restore Active Directory from a backup that is more than the tombstone lifetime, which is 60 days by default.
A domain controller keeps track of deleted objects for only this period.

以下文字摘录自 Useful shelf life of a system-state backup of Active Directory
If your only backup of Active Directory is older than the tombstone lifetime setting, reinstall the server after confirming there is at least one surviving domain controller in the domain from which new replicas can be synchronized. You can lose all but one server in the domain and still recover without a loss of data, assuming that the remaining survivor holds current information.
以上的大致意思是如果有2台或2台以上的DC,其中一个出了故障,并且备份的时间超过了60天(tombstone lifetime),则可以重新安装该DC,并通过复制来对该DC进行更新。

If every server in the domain is destroyed, restore one server from an arbitrarily outdated backup, and replicate all other servers from the restored one.
以上的大致意思又是如果所有的DC均损坏,还可以通过强制的方式过期的备份进行还原,这不是和“You cannot restore Active Directory from a backup that is more than the tombstone lifetime, which is 60 days by default.”这句话相矛盾吗?