3.1.1.5.5.6.1 Transformation into a Tombstone
When the delete operation results in the transformation of an object into a tombstone, the following processing rules apply to the delete operation:
For originating updates:
The RDN for the tombstone is the object's delete-mangled RDN, as specified in Delete Operation in section 3.1.1.5. For replicated updates, the received RDN for the tombstone is set on the object.
The lastKnownParent attribute value is set to the DN of the current parent object.
Additional operations might be performed if the object being modified is a SAM-specific object (section 3.1.1.5.2.3; see [MS-SAMR] section 3.1.1.8).
All attribute values are removed from the object, with the following exceptions:
The values of the following attributes are retained: nTSecurityDescriptor, attributeID, attributeSyntax, dNReferenceUpdate, dNSHostName, flatName, governsID, groupType, instanceType, lDAPDisplayName, legacyExchangeDN, mS-DS-CreatorSID, mSMQOwnerID, nCName, objectClass, distinguishedName, objectGUID, objectSid, oMSyntax, proxiedObjectName, name, replPropertyMetaData, sAMAccountName, securityIdentifier, sIDHistory, subClassOf, systemFlags, trustPartner, trustDirection, trustType, trustAttributes, userAccountControl, uSNChanged, uSNCreated, whenCreated.
In AD LDS, the msDS-PortLDAP attribute is also retained.
The attribute that equals the rdnType of the object (for example, cn for a user object) is retained.
Any attribute that has the fPRESERVEONDELETE flag set in its searchFlags is retained, except objectCategory and sAMAccountType, which are always removed, regardless of the value of their searchFlags.
All outgoing linked attribute values are removed, but not as an originating update. These values are simply removed from the directory.
All incoming linked attribute values are removed, but not as an originating update. These values are simply removed from the directory.
The isDeleted attribute is set to TRUE.
The object is moved into the Deleted Objects container in its NC, except in the following scenarios, when it MUST remain in its current place:
The object is an NC root.
The object's systemFlags value has the FLAG_DISALLOW_MOVE_ON_DELETE bit set.
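The retention rules above can be modeled as a small function, which is useful when checking which identity attributes (objectSid, sIDHistory, sAMAccountName) should still be present on a tombstone during forensic review. This is an added example, not code from the specification. Assumptions: the function name and its inputs are hypothetical, the sample object is constructed, the two flag bit values are the standard MS-ADTS values (they are not stated in this section), and the delete-mangled RDN is not modeled.

```python
F_PRESERVE_ON_DELETE = 0x8                 # searchFlags bit; value not stated in this section
FLAG_DISALLOW_MOVE_ON_DELETE = 0x02000000  # systemFlags bit; value not stated in this section

RETAINED = frozenset("""nTSecurityDescriptor attributeID attributeSyntax dNReferenceUpdate
dNSHostName flatName governsID groupType instanceType lDAPDisplayName legacyExchangeDN
mS-DS-CreatorSID mSMQOwnerID nCName objectClass distinguishedName objectGUID objectSid
oMSyntax proxiedObjectName name replPropertyMetaData sAMAccountName securityIdentifier
sIDHistory subClassOf systemFlags trustPartner trustDirection trustType trustAttributes
userAccountControl uSNChanged uSNCreated whenCreated""".lower().split())
ALWAYS_REMOVED = frozenset({"objectcategory", "samaccounttype"})


def tombstone(obj, rdn_type, search_flags, linked, parent_dn, is_nc_root=False, ad_lds=False):
    """Return (tombstone_attrs, moved_to_deleted_objects) for an originating delete.

    obj: attribute name -> value; search_flags: lowercase name -> searchFlags int;
    linked: lowercase names of linked attributes (hypothetical inputs of this model).
    """
    keep = set(RETAINED) | {rdn_type.lower()}   # the rdnType attribute is retained
    if ad_lds:
        keep.add("msds-portldap")               # AD LDS also retains msDS-PortLDAP
    out = {}
    for name, value in obj.items():
        key = name.lower()
        if key in ALWAYS_REMOVED or key in linked:
            continue  # removed regardless of searchFlags; link values are dropped
        if key in keep or search_flags.get(key, 0) & F_PRESERVE_ON_DELETE:
            out[name] = value
    out["lastKnownParent"] = parent_dn
    out["isDeleted"] = True
    stays = is_nc_root or bool(obj.get("systemFlags", 0) & FLAG_DISALLOW_MOVE_ON_DELETE)
    return out, not stays


# Constructed sample object and schema flags (not taken from a real directory).
SAMPLE_USER = {
    "cn": "Alice Example", "name": "Alice Example", "objectClass": ["top", "user"],
    "objectCategory": "CN=Person,CN=Schema,CN=Configuration,DC=example,DC=test",
    "objectSid": "S-1-5-21-1-2-3-1105", "sAMAccountName": "alice",
    "sAMAccountType": 805306368, "userAccountControl": 512,
    "sIDHistory": ["S-1-5-21-9-9-9-1105"], "mail": "alice@example.test",
    "employeeID": "E-1001", "manager": "CN=Bob,OU=Staff,DC=example,DC=test",
    "systemFlags": 0,
}
SAMPLE_FLAGS = {"employeeid": 0x8, "objectcategory": 0x8 | 0x1}

if __name__ == "__main__":
    print(tombstone(SAMPLE_USER, "cn", SAMPLE_FLAGS, {"manager"}, "OU=Staff,DC=example,DC=test"))
```

In the sample, employeeID survives only because its constructed searchFlags value carries the preserve bit, while objectCategory is dropped even though the same bit is set for it.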