Additional Requirements for Active Directory

Verify that the following requirements are met for the successful restore of Active Directory attributes.

Ensure the Recycle Bin feature is enabled in Active Directory

To ensure that objects are restored with their original security context, including the same security identifier (SID), the Recycle Bin feature must be enabled in AD. The Recycle Bin makes it easier to reanimate objects from their deleted state and ensures that their original security context is maintained.

The Recycle Bin feature is described in detail by Microsoft in this article. The article also includes the PowerShell command required to enable it.

If the Recycle Bin is not enabled, Commvault will recreate the objects, but those objects will have a new SID and won’t have all the same permissions and access they possessed before being deleted.

Configure the AD schema to store password and SIDHistory attributes in the tombstone

These instructions outline the schema configuration changes that ensure the password and SID History attributes are also stored in an object's tombstone when the object is deleted. With this configuration, restoring a deleted object from its tombstone also recovers the password and SID History.
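
A read-only check for both requirements above, as an added example that is not Commvault's or Microsoft's own script. It assumes the RSAT ActiveDirectory module is installed and that tombstone preservation is controlled by the 0x8 bit of an attribute's searchFlags (from Microsoft's schema documentation, not stated on this page); the function names are hypothetical.

```powershell
# Read-only verification; changes nothing in the directory or schema.
Import-Module ActiveDirectory

# Assumption (Microsoft schema documentation, not this page):
# searchFlags bit 0x8 keeps the attribute on the tombstone when the object is deleted.
$PRESERVE_ON_DELETE = 0x8

function Test-RecycleBinEnabled {
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    # EnabledScopes stays empty until the feature has been enabled for the forest
    return [bool]($feature -and $feature.EnabledScopes.Count -gt 0)
}

function Test-TombstonePreserved {
    param([Parameter(Mandatory)][string]$LdapDisplayName)

    # Attribute definitions live in the schema naming context
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $attr = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$LdapDisplayName))" `
        -Properties searchFlags
    if (-not $attr) { throw "Attribute '$LdapDisplayName' not found in schema" }

    # An unset searchFlags value is equivalent to 0
    $flags = if ($null -ne $attr.searchFlags) { [int]$attr.searchFlags } else { 0 }
    [pscustomobject]@{
        Attribute   = $LdapDisplayName
        SearchFlags = $flags
        Preserved   = [bool]($flags -band $PRESERVE_ON_DELETE)
    }
}

"Recycle Bin enabled: $(Test-RecycleBinEnabled)"
'unicodePwd', 'sIDHistory' |
    ForEach-Object { Test-TombstonePreserved $_ } |
    Format-Table -AutoSize
```

A `Preserved` value of `False` for either attribute means a restore from tombstone would not recover that attribute.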
