Overview
Tombstone is a container object within Microsoft Active Directory that holds deleted objects.
When an entry is deleted, Microsoft Active Directory sets the isDeleted attribute of the deleted object to TRUE and moves it to a special container called Tombstone, previously known as CN=Deleted Objects.
The Tombstone container cannot be accessed through Windows Directories or through Microsoft Management Console (MMC) snap-ins. However, Tombstones are available to the Directory Replication Process, so they are replicated to all the Domain Controllers in the domain. This process ensures that the deleted object is deleted from all the computers throughout the Active Directory.
The tombstoneLifetime attribute determines the time period after which the object is physically deleted from Microsoft Active Directory. The default value of the tombstoneLifetime attribute is 60 days. However, you can change this value if required.
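
To audit what is described above, the following added example (not part of the original page) reads tombstoneLifetime and lists each deleted object with the approximate date it will be physically removed. It assumes the ActiveDirectory PowerShell module, an account allowed to read deleted objects, and that the AD Recycle Bin is not enabled; using whenChanged as the deletion time is also an assumption of this example.

```powershell
# Added example: list tombstones and when each one is due for physical deletion.
Import-Module ActiveDirectory

# tombstoneLifetime (in days) is stored on the Directory Service object
# in the configuration naming context.
$rootDse   = Get-ADRootDSE
$dsService = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"
$tsl = (Get-ADObject -Identity $dsService -Properties tombstoneLifetime).tombstoneLifetime

# Attribute not set: fall back to the 60-day default stated on this page.
if (-not $tsl) { $tsl = 60 }

$now = Get-Date

# A normal search never returns tombstones; -IncludeDeletedObjects is required.
Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects `
             -Properties whenChanged, lastKnownParent, objectClass |
    # The Deleted Objects container itself also carries isDeleted=TRUE; skip it.
    Where-Object { $_.DistinguishedName -notlike 'CN=Deleted Objects,*' } |
    ForEach-Object {
        # Assumption: whenChanged approximates the time of deletion.
        $expires = $_.whenChanged.AddDays($tsl)
        [pscustomobject]@{
            # Tombstone names are "<old name><newline>DEL:<GUID>"; keep the old name.
            Name          = ($_.Name -split "`n")[0]
            ObjectClass   = $_.objectClass
            LastParent    = $_.lastKnownParent
            DeletedAt     = $_.whenChanged
            PurgeAfter    = $expires
            DaysRemaining = [math]::Floor(($expires - $now).TotalDays)
        }
    } |
    Sort-Object DaysRemaining |
    Format-Table -AutoSize
```

Objects with a small or negative DaysRemaining are at or past the tombstone lifetime and can no longer be relied on for recovery or for reviewing what was deleted.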