We are in the middle of an AD rollout migrating a non-profit from peer-to-peer to a Server 2008 domain. They have more than a dozen remote offices within walking distance of each other, and over 250 users. We have deployed 11 DCs, 5 of which are RODCs; the rest are full DCs. The Domain Level is 2003, but all DCs and RODCs are 2008. This is a single forest with a single domain.
With the rollout almost halfway done, suddenly yesterday when we logged onto the main DC at their HQ all the users were missing from the Active Directory Users and Computers MMC. They all still appear under the Server Manager MMC, however, we discovered later. The first thing we tried was to force a replication from another DC that had all the users in its Active Directory Users and Computers MMC. We tried that from all the DCs that were good. Said it replicated (no errors anyways) but nothing changed on the HQ DC. Then we tried a reboot. After the reboot the Active Directory Users and Computers MMC condition had not changed, but now we get Access Denied errors (that we did not see before the reboot) when we try to replicate to that server. I ran Dcdiag and one error that gets reported repeatedly for that HQ DC server was "possible security error (1722)".
The 1722 error says that RPC is unavailable, but the RPC service is running on all DCs, including the HQ DC with the above problems.
We have Googled both the Active Directory Users and Computers MMC and the Access Denied error issues, and searched Microsoft (including TechNet) and have yet to find a solution. We have to get this fixed so we can finish the AD rollout. Currently replication appears to be negatively impacted by these issues. All servers are currently 2008 SP1.
Any help is greatly appreciated!!!