Active Directory user accounts are not replicating one way after an upgrade.
Posted on 2007-08-10
I was brought in to attempt to fix an issue that has appeared after a server upgrade. I wasn't involved in the initial setup, or the upgrade, so while I'll do my best to answer questions, there's a lot of information I don't have.
Before the upgrade, there were two domain controllers, STANTS2 and STANTS4, both running Windows 2000. STANTS2 was not upgraded or changed and is the PDC. STANTS4 is the Exchange server. (It was running Exchange 2003, despite being Windows 2000.) It is the one that was upgraded, or rather, replaced. The server was backed up, using Backup Exec 10d, demoted from being a DC, then shut down. A new Windows 2003 server was built and given the name STANTS4, along with the old IP address. Then (I don't know the exact order, but I hope it was whatever order would be appropriate) Exchange was installed, it was promoted to a DC, and backups were restored for the users' home directories, Exchange, and maybe AD (or would that have just been brought back in from STANTS2?).
Old user accounts still work, and email for existing accounts works. The problem comes in when creating new accounts. Accounts that require email are created in AD on STANTS4, but those accounts never show up in AD on STANTS2, and the user cannot log in (to a workstation, or to the web-based interface for email). Accounts created on STANTS2 do show up on STANTS4, but don't have any Exchange attributes configured.
STANTS2's Directory Service event log has a lot of this:
Event ID: 1265
The attempt to establish a replication link with parameters
Source DSA DN: CN=NTDS Settings,CN=STANTS4,CN=Servers,CN=StTeresas,CN=Sites,CN=Configuration,DC=stteresasacademy,DC=org
Source DSA Address: c060ac79-f97a-48a8-a2ca-9538666f732e._msdcs.stteresasacademy.org
Inter-site Transport (if any):
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
The record data is the status code. This operation will be retried.
And STANTS4's Directory Service event log has a lot of this:
Event ID: 1587
This domain controller has been restored or has been configured to host an application partition. As a result, its replication identity has changed. A partner has requested replication changes using our old identity. The starting sequence number has been adjusted.
The destination domain controller corresponding to the following object GUID has requested changes starting at a USN that precedes the USN at which the local domain controller was restored from backup media.
USN at the time of restore:
As a result, the up-to-dateness vector of the destination domain controller has been configured with the following settings.
Previous database GUID:
Previous object USN:
Previous property USN:
New database GUID:
New object USN:
New property USN:
Event ID: 1586
The Windows NT 4.0 or earlier replication checkpoint with the PDC emulator master was unsuccessful.
A full synchronization of the security accounts manager (SAM) database to domain controllers running Windows NT 4.0 and earlier might take place if the PDC emulator master role is transferred to the local domain controller before the next successful checkpoint.
The checkpoint process will be tried again in four hours.
8452 The naming context is in the process of being removed or is not replicated from the specified server.
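The Event 1265 text above says STANTS2 cannot resolve the partner's DSA GUID CNAME (c060ac79-...._msdcs.stteresasacademy.org), and Event 1587 says STANTS4's replication identity changed after it was rebuilt and restored. Those two events together point at one concrete thing to check: does the GUID STANTS2 is still dialling match the objectGUID the rebuilt STANTS4 actually has now, and does either GUID resolve in DNS? The following PowerShell is an added diagnostic written for this thread, not something from the original post or from Microsoft; it assumes the DC, site and forest names quoted in the post, PowerShell 2.0 or later (for try/catch), and a domain-joined machine that can reach both DCs over LDAP.

```powershell
# Added diagnostic, not part of the original post. Names below are taken from
# the post; $eventGuid is the "Source DSA Address" GUID quoted in Event 1265.
# Needs PowerShell 2.0 or later (try/catch) on a domain-joined machine.
$forestDns = 'stteresasacademy.org'
$configDn  = 'DC=stteresasacademy,DC=org'
$site      = 'StTeresas'
$partner   = 'STANTS4'   # the rebuilt DC (replication source)
$pdc       = 'STANTS2'   # the DC logging Event 1265 (replication destination)
$eventGuid = 'c060ac79-f97a-48a8-a2ca-9538666f732e'

# 1. Ask STANTS4 itself for the objectGUID of its NTDS Settings object.
#    The <guid>._msdcs CNAME that replication partners look up is built from
#    this value; demoting and re-promoting a DC gives it a brand-new one.
$ntdsPath = "LDAP://$partner/CN=NTDS Settings,CN=$partner,CN=Servers,CN=$site,CN=Sites,CN=Configuration,$configDn"
$ntds     = [ADSI]$ntdsPath
$liveGuid = $ntds.psbase.Guid.ToString()

"NTDS Settings objectGUID on $partner now : $liveGuid"
"GUID $pdc is still trying to reach        : $eventGuid"
if ($liveGuid -ne $eventGuid) {
    "MISMATCH: $pdc's replication link still refers to the old DSA identity."
} else {
    "GUIDs match; the failure is a plain DNS problem, not a stale identity."
}

# 2. Resolve both CNAMEs the same way the replication engine does.
#    A healthy record resolves to the partner's host name and current IP.
function Test-DsaCname([string]$guid) {
    $name = "$guid._msdcs.$forestDns"
    try {
        $entry = [System.Net.Dns]::GetHostEntry($name)
        "$name -> $($entry.HostName) [$($entry.AddressList -join ', ')]"
    } catch {
        "$name -> lookup FAILED: $($_.Exception.Message)"
    }
}
Test-DsaCname $eventGuid
Test-DsaCname $liveGuid

# 3. Does the old identity still exist as an object in STANTS2's copy of the
#    directory? Binding by GUID and forcing a refresh throws if it does not.
try {
    $stale = [ADSI]"LDAP://$pdc/<GUID=$eventGuid>"
    $stale.psbase.RefreshCache()
    "Object with the old GUID still present on $pdc : $($stale.psbase.Properties['distinguishedName'].Value)"
} catch {
    "No object with GUID $eventGuid found on $pdc (already cleaned up)."
}
```

If step 1 reports a mismatch, STANTS2 is holding the replication link to the NTDS Settings object of the demoted Windows 2000 STANTS4, which no longer exists as a live DSA, and no DNS fix will make that link work; the stale server and NTDS Settings objects have to be removed from the directory (metadata cleanup) so that the new STANTS4 object replicates in and a fresh connection is built. If the GUIDs match but the lookup in step 2 fails, the problem is the missing or wrong CNAME in the _msdcs zone (restarting the Netlogon service on STANTS4 re-registers it), and confirming with `repadmin /showrepl STANTS2` afterwards will show whether the inbound link from STANTS4 recovers.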