Restoring a Deleted Group
Using a graphical user interface
Using a command line interface
In most cases, restoring a deleted object within Active Directory requires nothing more than an authoritative restore of the object or container. Things get more complicated, however, when you're restoring group objects along with the users who were members of those groups. Because you cannot easily control the order in which objects are restored to the AD database, a group object may be restored before the users who were members of that group. In this case, when Active Directory attempts to populate the restored group's member attribute, it can only populate it with user objects that already exist within the directory. Put another way, any users or other groups referenced in the restored group's member attribute that have not yet been restored will not be included in it. This leaves the restored group in an inconsistent state, since it will not possess all of the members that it had before it was deleted.
To correct this issue, it's necessary to perform the authoritative restore process twice when restoring groups and their members. The first authoritative restore will re-create all users that should be members of the group objects. The second pass will go back and correctly re-populate the member attribute of any restored groups, now that all of the needed user objects exist within Active Directory.
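The ordering problem and the two-pass fix described above can be seen in a small model. This is an added example, not code from the original text, and it is a simplified simulation rather than Active Directory's actual restore logic; the DNs and the function names `authoritative_restore` and `missing_members` are constructed for illustration.

```python
# Simplified model of the restore-ordering problem described in the text.
# Not Active Directory's real logic; all DNs below are constructed samples.
ALICE = "CN=alice,OU=Staff,DC=example,DC=com"
BOB = "CN=bob,OU=Staff,DC=example,DC=com"
FINANCE = "CN=Finance,OU=Groups,DC=example,DC=com"

# State of the three objects as captured in the backup.
BACKUP = {
    ALICE: {"type": "user"},
    BOB: {"type": "user"},
    FINANCE: {"type": "group", "member": [ALICE, BOB]},
}


def authoritative_restore(backup, directory, order):
    """Restore objects from backup into directory in the given order.

    A group's member attribute keeps only the DNs that already exist in the
    directory at the moment the group itself is restored.
    """
    for dn in order:
        obj = dict(backup[dn])
        if obj["type"] == "group":
            obj["member"] = [m for m in backup[dn]["member"] if m in directory]
        directory[dn] = obj
    return directory


def missing_members(backup, directory):
    """Return {group DN: [members in the backup but absent after restore]}."""
    gaps = {}
    for dn, obj in backup.items():
        if obj["type"] != "group":
            continue
        restored = set(directory.get(dn, {}).get("member", []))
        lost = [m for m in obj["member"] if m not in restored]
        if lost:
            gaps[dn] = lost
    return gaps


def demo():
    """Run two restore passes where the group comes back before one member."""
    order = [ALICE, FINANCE, BOB]  # order is not under the operator's control
    directory = authoritative_restore(BACKUP, {}, order)
    after_first = missing_members(BACKUP, directory)
    directory = authoritative_restore(BACKUP, directory, order)
    after_second = missing_members(BACKUP, directory)
    return after_first, after_second
```

After the first pass the model reports one member missing from the group; after the second pass the report is empty, which is the same comparison worth making against a pre-deletion membership record after a real restore.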
See also MS KB 216993 (Useful Shelf Life of a System-State Backup of Active Directory), MS KB 840001 (How to Restore Deleted User Accounts and Their Group Memberships in Active Directory), and Chapter 17 for more on recovering and restoring Active Directory.