PrepAway - Latest Free Exam Questions & Answers

What should you recommend?

Your network consists of a single Active Directory forest. The forest contains one Active Directory domain. The domain contains eight domain controllers. The domain controllers run Windows Server 2003 Service Pack 2.

You upgrade one of the domain controllers to Windows Server 2008 R2.

You need to recommend an Active Directory recovery strategy that supports the recovery of deleted objects.

The solution must allow deleted objects to be recovered for up to one year after the date of deletion.

What should you recommend?


A. Increase the tombstone lifetime for the forest.

B. Increase the interval of the garbage collection process for the forest.

C. Configure daily backups of the Windows Server 2008 R2 domain controller.

D. Enable shadow copies of the drive that contains the Ntds.dit file on the Windows Server 2008 R2 domain controller.

Explanation:
The tombstone lifetime must be substantially longer than the expected replication latency between the domain controllers. The interval between cycles of deleting tombstones must be at least as long as the maximum replication propagation delay across the forest. Because the expiration of a tombstone lifetime is based on the time when an object was deleted logically, rather than on the time when a particular server received that tombstone through replication, an object’s tombstone is collected as garbage on all servers at approximately the same time. If the tombstone has not yet replicated to a particular domain controller, that DC never records the deletion. This is the reason why you cannot restore a domain controller from a backup that is older than the tombstone lifetime.

By default, the Active Directory tombstone lifetime is sixty days. This value can be changed if necessary. To change this value, the tombstoneLifetime attribute of the CN=Directory Service object in the configuration partition must be modified.

This is related to Server 2003 but should still be relevant: http://www.petri.co.il/changing_the_tombstone_lifetime_windows_ad.htm
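The attribute change described above, as an added PowerShell example (not from the original page or the linked article): it reads tombstoneLifetime from CN=Directory Service, checks backup ages against it, and previews raising it. The 365-day target, the `Test-BackupRestorable` helper and the sample backup ages are assumptions made for illustration.

```powershell
# Requires the ActiveDirectory module (Windows Server 2008 R2 or later, or RSAT).
Import-Module ActiveDirectory

$TargetDays = 365   # assumed target retention, in days

# CN=Directory Service sits under CN=Windows NT,CN=Services in the configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsDN     = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
$ds       = Get-ADObject -Identity $dsDN -Properties tombstoneLifetime

# An unset attribute means the directory falls back to its built-in 60-day value.
$currentDays = if ($null -ne $ds.tombstoneLifetime) { [int]$ds.tombstoneLifetime } else { 60 }
Write-Output "Current tombstone lifetime: $currentDays days"

# Hypothetical helper: a backup older than the tombstone lifetime must not be restored,
# because it can reintroduce objects whose tombstones were already garbage collected.
function Test-BackupRestorable {
    param(
        [datetime]$BackupDate,
        [int]$TombstoneDays,
        [datetime]$Now = (Get-Date)
    )
    return (($Now - $BackupDate).TotalDays -lt $TombstoneDays)
}

# Constructed sample backup ages, for illustration only.
foreach ($ageDays in 30, 90, 200, 400) {
    $backupDate = (Get-Date).AddDays(-$ageDays)
    $usable     = Test-BackupRestorable -BackupDate $backupDate -TombstoneDays $currentDays
    Write-Output ("Backup aged {0,3} days: restorable = {1}" -f $ageDays, $usable)
}

if ($currentDays -lt $TargetDays) {
    # -WhatIf previews the write without committing it; remove it to apply the change.
    Set-ADObject -Identity $dsDN -Replace @{ tombstoneLifetime = $TargetDays } -WhatIf
}
```

Raising the value only affects tombstones that still exist; backups that were already older than the previous lifetime remain unusable.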

Authoritative Restore

When a nonauthoritative restore is performed, objects deleted after the backup was taken will again be deleted when the restored DC replicates with other servers in the domain. On every other DC the object is marked as deleted so that when replication occurs the local copy of the object will also be marked as deleted. The authoritative restore process marks the deleted object in such a way that when replication occurs, the object is restored to active status across the domain. It is important to remember that when an object is deleted it is not instantly removed from Active Directory, but gains an attribute that marks it as deleted until the tombstone lifetime is reached and the object is removed. The tombstone lifetime is the amount of time a deleted object remains in Active Directory and has a default value of 180 days.

To ensure that the Active Directory database is not updated before the authoritative restore takes place, you use the Directory Services Restore Mode (DSRM) when performing the authoritative restore process. DSRM allows the administrator to perform the necessary restorations and mark the objects as restored before rebooting the DC and allowing those changes to replicate out to other DCs in the domain.

