Using AdRestore to recover Tombstone items
What is a tombstone? When an object is deleted in Active Directory it is not removed straight away. Instead its 'isDeleted' attribute is set to TRUE, it is moved to the 'Deleted Objects' container, and it is hidden from the normal view of the AD consoles. Be aware that almost all of its attributes are stripped at that point; only the essential ones survive, such as the objectGUID, the objectSid, the name and the last known parent. A user restored from a tombstone therefore comes back disabled, without its password, its group memberships or any of the other attributes that were removed.
These objects remain in Active Directory as tombstones for the tombstone lifetime, which is set by the 'tombstoneLifetime' attribute of the NTDS Directory Service object in the configuration partition (60 or 180 days by default, depending on the Windows version the forest was created with). Once that time has elapsed they are removed for good by the garbage collector, and from then on only a backup can bring them back.
What is the garbage collector? It is a process that Active Directory runs every 12 hours by default; the interval can be changed through the 'garbageCollPeriod' attribute of the same Directory Service object (CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,...) in the NTDS configuration. Besides removing expired tombstones it also performs the online defragmentation of the Active Directory database.
All of this matters when using the Sysinternals AdRestore tool, since this utility lets us restore objects that we have 'deleted' from Active Directory, as long as their tombstones still exist.
We download AdRestore from the official website: HTTP://download.sysinternals.com/Files/AdRestore.zip
We unzip it and run it from the command line. With no arguments it lists every deleted object whose tombstone has not yet expired. To filter the deleted objects we can pass a search string, using the asterisk * as a wildcard.
To restore a specific object, run: adrestore -r OBJECT
AdRestore asks us to confirm that this is the object we want to restore; we answer 'y', and done!
And we already have it back in the "Active Directory Users and Computers" console.
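The same procedure carried out with plain LDAP from PowerShell, together with the checks a practitioner wants before restoring. This is an added example and not part of the original post or of AdRestore itself. It assumes a domain-joined host, an account allowed to reanimate tombstones (Domain Admins by default), the RSAT ActiveDirectory module for the restore step, a deleted user named 'jsmith' and a fallback OU named 'Recovered'; the user and OU names are hypothetical.

```powershell
# Added example, not part of the original post or of AdRestore: read the retention
# settings, enumerate tombstones over LDAP, check the restore preconditions, and
# reanimate one object. 'jsmith' and 'OU=Recovered' are assumed names.

$rootDse   = [ADSI]"LDAP://RootDSE"
$configNC  = $rootDse.configurationNamingContext.Value
$defaultNC = $rootDse.defaultNamingContext.Value

# 1. Retention settings live on the Directory Service object of the configuration
#    partition. tombstoneLifetime is often absent; then the forest default applies
#    (60 days for forests created before Windows Server 2003 SP1, 180 days after).
$dsObj    = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
$lifetime = $dsObj.Properties["tombstoneLifetime"].Value
$gcPeriod = $dsObj.Properties["garbageCollPeriod"].Value
"tombstoneLifetime: $(if ($lifetime) { "$lifetime days" } else { 'not set, forest default applies' })"
"garbageCollPeriod: $(if ($gcPeriod) { "$gcPeriod hours" } else { 'not set, 12 hours' })"

# 2. Enumerate tombstones. Tombstone = $true makes DirectorySearcher send the
#    "show deleted objects" LDAP control; without it (isDeleted=TRUE) returns
#    nothing because the server hides tombstones from ordinary searches.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot  = [ADSI]"LDAP://$defaultNC"
$searcher.SearchScope = 'Subtree'
$searcher.Tombstone   = $true
$searcher.Filter      = '(&(isDeleted=TRUE)(objectClass=user)(!(objectClass=computer)))'
$searcher.PropertiesToLoad.AddRange(@('name','objectGUID','objectSid','lastKnownParent','whenChanged'))

$tombstones = foreach ($r in $searcher.FindAll()) {
    # A tombstone's name is "<original name>\nDEL:<objectGUID>"; keep the original part.
    $rawName = [string]$r.Properties['name'][0]
    [pscustomobject]@{
        Name            = ($rawName -split "`nDEL:")[0]
        ObjectGuid      = [guid]$r.Properties['objectguid'][0]
        Sid             = (New-Object System.Security.Principal.SecurityIdentifier(
                              $r.Properties['objectsid'][0], 0)).Value
        LastKnownParent = [string]$r.Properties['lastknownparent'][0]
        DeletedAt       = $r.Properties['whenchanged'][0]
    }
}
$tombstones | Format-Table -AutoSize

# 3. Pick the object to bring back and check the precondition that bites most
#    often: the original parent OU must still exist, or the restore must be
#    redirected somewhere else.
$target = $tombstones | Where-Object Name -eq 'jsmith'
if (-not $target) { throw "No tombstone named 'jsmith' was found; it may already have been garbage collected." }

$parentExists = [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$($target.LastKnownParent)")
$restoreArgs  = @{ Identity = $target.ObjectGuid; Confirm = $true }
if (-not $parentExists) {
    # Either restore the parent OU first (it has its own tombstone) or land the
    # object in a known-good OU. 'OU=Recovered' is an assumed name.
    $restoreArgs['TargetPath'] = "OU=Recovered,$defaultNC"
}

# 4. Reanimate the tombstone: the equivalent of 'adrestore -r jsmith', done here
#    through the RSAT module. The original objectGUID and objectSid are kept.
Import-Module ActiveDirectory
Restore-ADObject @restoreArgs

# 5. Verify, then repair what the tombstone lost: the account comes back disabled,
#    with no password and no group memberships, so those must be set again by hand.
$restored = Get-ADUser -Identity $target.ObjectGuid -Properties Enabled, MemberOf
"Restored $($restored.DistinguishedName); enabled=$($restored.Enabled); groups=$($restored.MemberOf.Count)"
```

Run the listing part first and compare it with the output of adrestore with no arguments; the GUIDs should match. The last line shows why a tombstone restore is only the first half of the job: the SID is back, so existing ACLs referencing it work again, but the password, the enabled flag and the group memberships have to be re-established afterwards.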