@Allan0105 , are you asking if this is something to do every time?
This is something you only need to do the first time.
We don’t back up the password. This lets the password go to the AD recycling bin and come back when we restore the account and the SID matches (this is why you need SID history too). If you don't have SID history when you restore the account it gets a new SID, if it gets a new SID, it can not reattach the password from AD recycle bin.
To perform these steps manually instead of using the ADLDAPTool, here is the procedure:
Use ADSIEdit to load up the schema and change the following:
For search flags, change the value for CN=unicode-pwd from 0 to 8
CN=Unicode-Pwd, CN=Schema,CN=Configuration,…< rest of domain >
For search flags, change the value for CN=SID-History from 1 to 9
CN=SID-History, CN=Schema,CN=Configuration,…< rest of domain >
Let me know if this helps!