Announcement

Collapse
No announcement yet.

Tombstone Life

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Tombstone Life

    Hi, I hope you can help please.

    I am chasing a bit of advice on active directory and the tombstone life.

    Here is some background.

    There is only one server (SBS 2003) on the network (domain controller) and the data and system state is backed up every day.

    I have a backup server that holds a successfully restored image of the actual server. I image the actual server, then restore the image to the spare and store it away from the office. This is so that in the event of a disaster I can plug in the spare, do any necessary updates to Windows etc and away we go.

    I wasnt aware of AD tombstone life as i'm a bit of a novice (It's not my job, I do it as extra as I'm the only one in the office who knows any IT).

    I now know the default tombstone life is 60 days so what would happen if I didnt need to use the spare for say 12 months and then need to use it?

    Should I be shutting the actual server down and connecting the spare every 59 days to ensure the life doesnt expire? If so, how long does it need to be connected for to avert the tombstone life expiring?

    At the moment (although I may be confused) I'm thinking I need to either ensure I have an image less than 60 days old or ensure that the system state can be restored effectively (even if the image is older than 60 days).

    I am also trying to work out how to increase the life to 180 days as if I need to keep creating new images 60 days is too short a span.

    Please can anyone advise on my best course of action or help me out on my 'what if' questions'.

  • #2
    Re: Tombstone Life

    I think you will need to create an image that is less than 30 days old or the SSID of the workstations will not match what is on the Server.

    Will move this to the SBS 2003 Forum as Teiger may have some good input for you.
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Re: Tombstone Life

      Originally posted by biggles77 View Post
      I think you will need to create an image that is less than 30 days old or the SSID of the workstations will not match what is on the Server.

      Will move this to the SBS 2003 Forum as Teiger may have some good input for you.
      Thanks for your reply.

      This gets even more confusing.

      Comment


      • #4
        Re: Tombstone Life

        Can anyone advise further on this SID not matching problem that I may encounter?

        Comment


        • #5
          Re: Tombstone Life

          The SID does not change, the computer account password changes. If I'm not mistaken, this happens every 30 days. The problem you might encounter is not being able to log on to the domain from your computers, neccessitating a reset of the computer accounts and a disjoin-rejoin of the domain. If you're going to follow this path I would recommend capturing an image every 30 days to avoid this.

          Comment


          • #6
            Re: Tombstone Life

            Originally posted by joeqwerty View Post
            The SID does not change, the computer account password changes. If I'm not mistaken, this happens every 30 days. The problem you might encounter is not being able to log on to the domain from your computers, neccessitating a reset of the computer accounts and a disjoin-rejoin of the domain. If you're going to follow this path I would recommend capturing an image every 30 days to avoid this.

            Does the computer account password change even if i've set it to never change?

            Do you mean the computer account password on the server or desktops?

            Comment


            • #7
              Re: Tombstone Life

              All computer accounts (servers, workstations, etc.) in the domain have passwords. The password is not user configurable. Take a look here for more info:

              http://blogs.technet.com/askds/archi...d-process.aspx

              Comment


              • #8
                Re: Tombstone Life

                Thanks for your replies.

                This is like a can of worms now. Everywhere I turn there is another problem.

                I take images once a week so should be ok. Dont have time to restore them once a month though.

                Comment


                • #9
                  Re: Tombstone Life

                  Originally posted by biggles77 View Post
                  I think you will need to create an image that is less than 30 days old or the SSID of the workstations will not match what is on the Server.

                  Will move this to the SBS 2003 Forum as Teiger may have some good input for you.
                  SSID, what idiot said that? My apologies dkb, I did of course mean SID and as Joe pointed out it was the machine account I should have been refering to as well.

                  What are you using to create the image?
                  Is there any reason why you do it each week as it could be done every third one? That was a curiosity question.
                  1 1 was a racehorse.
                  2 2 was 1 2.
                  1 1 1 1 race 1 day,
                  2 2 1 1 2

                  Comment


                  • #10
                    Re: Tombstone Life

                    Originally posted by biggles77 View Post
                    SSID, what idiot said that? My apologies dkb, I did of course mean SID and as Joe pointed out it was the machine account I should have been refering to as well.

                    What are you using to create the image?
                    Is there any reason why you do it each week as it could be done every third one? That was a curiosity question.
                    No worries. It did get me frantically searching for SSID (surely that's wireless networks i thought) initially but my searches lead me to believe it was SID.

                    I'm using Acronis (because you can restore to different hardware. I managed to restore a 1 year old server to a 3 year old desktop PC. It drags but it worked. ) and so far my test restores have worked very well . Obviously my knowledge is pretty limited so I'm glad I've learnt something from this thread.

                    I suppose you are right, it could be done every third one. Just got used to a pattern and stuck to it i guess.

                    The problem is, whne I take an image I like to do a test restore. This really isnt practical to do once a month so I would have preferred to have a longer time gap.

                    It turns out my tombstone life is default 180 days so i'm happy with that. I guess people wouldnt recommend me increasing the life of the machine password to the same?

                    Comment

                    Working...
                    X