What is a Tombstone? Well, when we delete an object in the Active Directory it is not deleted directly, if not, the attribute 'isDeleted' is checked’ as 'True’ and is hidden from the normal view of AD consoles in addition to moving to the 'Deleted Objets' container. Eye, almost all but the most important attributes like GUID and SID are deleted. These objects remain in the Active Directory as Tombstone's until after 90 days, once this time has elapsed they are eliminated by the 'Garbage collector'. What is the Garbage Collector? It is a process that runs the Active Directory by default every 12 hours, although this parameter is modifiable in the attribute 'garbageCollPeriod'’ in the configuration object (NTDS). This, apart from removing the Tombstone's, also defragments the Active Directory. All of this comes in handy when using the Sysinternals AdRestore tool, since this utility allows us to […]