The method involves enabling the AD Recycle Bin in order to be able to restore deleted user object with the ADAC. Active Directory Recycle Bin can be activated only where all domain controllers are running Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and on Windows Server 2019.
Note: In Windows Server 2008, you could use the Windows Server Backup feature and ntdsutil authoritative restore command to mark objects as authoritative to ensure that the restored data was replicated throughout the domain. The drawback to the authoritative restore solution was that it had to be performed in Directory Services Restore Mode (DSRM). During DSRM, the domain controller being restored had to remain offline. Therefore, it was not able to service client requests.
If sufficient access rights are not assigned to the user account trying to perform this operation, the following error will be prompted via the Active Directory Administration Centre or via PowerShell. See the guide below on how to Enable AD recycle Bin and restore deleted users.
To fix this issue, you will have to add the user account as a member to the following security groups in Active Directory. - Domain Admin - Schema Admin - Enterprise Admin See the image below for more information.
Restart your device for the new policy to apply. Now you can attempt to enable the AD Recycle Bin and it will be successful.