Microsoft - how to restore single user with AdRestore Sysinternal Utility

http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx

If you are in following scenarios:

    - User accounts, groups, computers, OUs or other objects in domain accidentally deleted.
    - No system state backup available for authoritative restoration.
    - No other DC's available.

Consider that when an object is deleted from Active Directory, it isn't actually removed but is instead marked as deleted by an internal marker called a tombstone.

You can verify Tombstone with following article:


http://technet.microsoft.com/it-it/library/cc784932%28v=ws.10%29.aspx


Consider that you can follow this articlet

How to restore deleted user accounts and their group memberships in Active Directory 

But an easily alternative would be ADrestore Utility:

http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx 

After you installed ADRestore, you can restore an object by running
the command.


Before to restore any user you can launch adrestore utility and you will prompted about all object deleted during tombstone period.

Indeed following command:

ADRestore –r

ADRestore removes the 'isDeleted' TRUE attribute from tombstoned accounts and changes the RDN back to the previous path, effectively resurrecting it.
 

Consider that -r tells ADRestore to prompt the user before restoring the AD objects
to their original location.