The "stock" rule relating to User Deletes initiated in AD (when using
entitlements) is that the association is removed, and the delete operation
is vetoed.

Is there a simple way I can I modify this to cause the deleted object to be
re-created in AD, based on the still existing, legitimate object in the
IDVault? I can envision sending a "sync" event into the publisher channel,
but how?

Short of that, I 'm building what feels like a kludgy set of add object and
add attribute values...which may not work.

Insights appreciated and valued.