Tombstones are markers that indicate that an object has been deleted.
Rather than immediately physically deleting a designated object, the database removes most of its attributes, moves it to the Deleted Objects folder, and then marks the object as being tombstoned.

The purpose of tombstoning is to allow the change to be replicated to all domain controllers. The tombstone lifetime interval can be changed by using the ADSI Edit tool

Tombstone lifetime is a delay between the time an object is marked with the originating delete and the time it is physically removed from the database.

You cannot restore Active Directory from a backup that is more than the tombstone lifetime, which is 60 days by default.
A domain controller keeps track of deleted objects for only this period.

以下文字摘录自 Useful shelf life of a system-state backup of Active Directory
If your only backup of Active Directory is older than the tombstone lifetime setting, reinstall the server after confirming there is at least one surviving domain controller in the domain from which new replicas can be synchronized. You can lose all but one server in the domain and still recover without a loss of data, assuming that the remaining survivor holds current information.
以上的大致意思是如果有2台或2台以上的DC，其中一个出了故障，并且备份的时间超过了60天(tombstone lifetime)，则可以重新安装该DC，并通过复制来对该DC进行更新。

If every server in the domain is destroyed, restore one server from an arbitrarily outdated backup, and replicate all other servers from the restored one.
以上的大致意思又是如果所有的DC均损坏，还可以通过强制的方式对过期的备份进行还原，这不是和“You cannot restore Active Directory from a backup that is more than the tombstone lifetime, which is 60 days by default.”这句话相矛盾吗？