When a new object is added to the Active Directory, it is replicated to all other domain controllers so that they all have the some information. If we delete an object from a domain controller, how would the other domain controllers be informed of the deletion? When an object is deleted from the Active Directory, it is not immediately removed from the database, but rather, changes state and become a tombstone. It is necessary for the tombstone to stay in the Active Directory until the deletion state can be replicated to all domain controllers so that  the object is flagged as a tombstone for later removal. The default tombstone lifetime is 60 days, but can be changed by using ADSIEDIT as shown in the dialog below.

A garbage collection service runs every 12 hours to

• Delete tombstones whose lifetime has expired
• Delete unnecessary log files
• Start online defragmentation

Garbage collection attributes

• tombstoneLifetime
• garbageCollPeriod

can be changed in the Active Directory by using ADSIEdit as shown below. The attributes are in the object

• CN=Directory Service,CN=Windows NT,CN=Services,CN=configuration,DC=forest root