So the first question might be why should I even care about this. I have heard things like “I am running Windows version xxx, so I have a tombstone life of 180 days.”. This might not be the case, the tombstone lifetime is set at the time of the promotion of the first domain controller in the forest. So okey if you have have an old forest running on a new Windows version you cant be sure that the tombstone life what you want. To make things a bit more silly, Microsoft decided during Windows 2003 to increase the value from the default of 60 days to 180 days. Jane Lewis wrote a Technet blog about this in 2006, but this is still an area where you can find forests which still run with a 60 day tombstone lifetime. Microsoft has a nice article about this, but I like powershell instead of dsquery.

How to read the current Tombstone lifetime

Import-Module ActiveDirectory
$ConfNameContext = Get-ADRootDSE | Select-Object -Expandproperty configurationNamingContext
Get-ADObject -Identity “CN=Directory Service,CN=Windows NT,CN=Services,$ConfNameContext” -properties tombstonelifetime |Format-List

If no value..Note the value in the Value column. If the value is <not set>, the value is 60 days.

How to set the current Tombstone lifetime

Import-Module ActiveDirectory
$ConfNameContext = Get-ADRootDSE | Select-Object -Expandproperty configurationNamingContext
Set-ADObject -Identity “CN=Directory Service,CN=Windows NT,CN=Services,$ConfNameContext” -Replace @{'tombstonelifetime'='180'}