
Ulf B. Simon-Weidner's Blog
Active Directory Backup? Don't rush - you'll get more time
If you need to restore a domain controller from backup, or perform an authoritative restore of Active Directory, the backup must be younger than the tombstone lifetime, which is 60 days by default. The reason is that an object deleted from Active Directory is not removed from the database right away. It is turned into a tombstone: a stripped-down copy that keeps only a few attributes, such as the objectGUID, the (mangled) name and the SID, plus the isDeleted flag. The tombstone exists so that the deletion itself can replicate to every DC before the object is physically removed from the store. Garbage collection on each DC finally deletes tombstones that are older than the tombstone lifetime.
That is why you must not restore a backup that is older than the tombstone lifetime: the restored DC would bring back objects that the rest of the forest has already deleted and forgotten. Because the tombstones are gone, there is no deletion left to replicate to the restored DC, so the objects linger. Such lingering objects cause replication errors and inconsistent behaviour, and if a lingering object is a user or computer account that was deleted on purpose, it can still be used to authenticate against the restored DC.

So why did I say you'll get more time? In forests whose first domain controller was promoted on Windows Server 2003 with Service Pack 1, the default tombstone lifetime is tripled to 180 days. The value is set only when the forest is created: if the first DC was promoted (dcpromo) before SP1 was installed, the forest keeps the old default of 60 days even after every DC has been upgraded to SP1. In that case the tombstoneLifetime attribute can be raised manually (for example with ADSI Edit or ldifde); it is an administrator-settable attribute, not a fixed constant.

You can check your tombstone lifetime with the following command, which ships with Windows Server 2003 (substitute the distinguished name of your forest root domain):
dsquery * "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=yourdomain,DC=com" -scope base -attr tombstonelifetime
If the command returns no value for the attribute, it has never been set and the built-in default of 60 days applies.
 
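The same check in PowerShell, as an added example that is not part of the original post: it reads tombstoneLifetime through plain ADSI (no Active Directory module required), treats an absent attribute as the 60-day default described above, and tells you whether a backup of a given age is still young enough to restore. It assumes it runs on a domain-joined machine that can reach a domain controller; the one-day safety margin and the sample backup date are assumptions for illustration.

```powershell
# Added example, not from the original post. Reads the forest-wide tombstoneLifetime
# with plain ADSI and decides whether a given backup is still restorable.
# Assumption: runs on a domain-joined machine that can reach a domain controller.

function Get-TombstoneLifetimeDays {
    # RootDSE supplies the configuration naming context, so the forest DN is not hard-coded
    $rootDse  = [ADSI]"LDAP://RootDSE"
    $configNc = $rootDse.Properties["configurationNamingContext"].Value

    # Same object the dsquery command above reads
    $dsObject = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
    $tsl      = $dsObject.Properties["tombstoneLifetime"].Value

    # The attribute is absent in forests created before Windows Server 2003 SP1;
    # an absent value means the built-in default of 60 days applies.
    if ($null -eq $tsl) { return 60 }
    return [int]$tsl
}

function Test-BackupRestorable {
    param(
        [Parameter(Mandatory)] [datetime] $BackupDate,
        [int] $TombstoneLifetimeDays = (Get-TombstoneLifetimeDays),
        # Assumption: leave one day of slack for clock skew and the time the restore itself takes
        [int] $SafetyMarginDays = 1
    )
    $ageDays = ((Get-Date) - $BackupDate).TotalDays
    [pscustomobject]@{
        BackupDate            = $BackupDate
        AgeDays               = [math]::Floor($ageDays)
        TombstoneLifetimeDays = $TombstoneLifetimeDays
        # Restorable only while the backup is younger than the tombstone lifetime minus the margin
        Restorable            = $ageDays -lt ($TombstoneLifetimeDays - $SafetyMarginDays)
    }
}

# Usage: check the newest system state backup you hold for each domain.
# The 45-day-old date is constructed for illustration.
Test-BackupRestorable -BackupDate (Get-Date).AddDays(-45)
```

Run it once per domain against the date of your newest system state backup. In a forest still on the 60-day default, a 45-day-old backup reports Restorable = True with about two weeks to spare; the same backup in a 180-day forest is nowhere near the limit. Either way, the result only tells you the backup will not reintroduce lingering objects; the computer password drift described below still grows with every day of backup age.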
The tombstone lifetime is a forest-wide setting: it is stored once, in the configuration partition, and applies to every domain in the forest.
 
Note: Even though older backups are now usable, I still recommend running an Active Directory (system state) backup at least once a day. You do not need to back up every DC, but you should have a backup of at least one DC per domain; one suggestion is to back up the FSMO role owners of each domain (list them with netdom query fsmo). The older a backup is, the more trouble you get from objects that changed after it was taken. The best-known case is computer accounts that can no longer connect to the domain because the account password was changed after the backup was performed. Computer accounts change their password every 30 days by default, so divide the number of computers in your domain by 30 for a rough estimate of how many computer account passwords change per day, and therefore how many machines lose trust for each day your backup is old. This is also why a restored workstation image eventually falls out of the domain (after about 7 days with NT 4.0, whose default interval was shorter). But that's a different topic.

Published Saturday, March 26, 2005 12:12 AM by Ulf B. Simon-Weidner
