Jim Review asked:

Need help with Netdom cmd and fixing replication issues on two DCs

Hello,


I am having replication issues between (our only) two domain controllers (both MS Server 2012 R2). I suspect the replication issues were caused by a lack of communication between them for an extended period (issues with ARP on one server - now resolved).


Both DCs can communicate with each other - I can successfully ping the DNS name of each from the other.


I tried doing an authoritative restore (using this method - https://docs.microsoft.com/en-US/troubleshoot/windows-server/group-policy/force-authoritative-non-authoritative-synchronization) but ran into problems when trying to force replicate (step 4) from the DC with the initial problems (DC2) - this DC is the non-authoritative one. I got an "RPC Server unavailable" error message, with further details indicating this is probably down to a DNS lookup issue.


When I run a dcdiag /test:DNS on DC2 I get failures:

----------------------------------------------------------------

[xxxxxx-DC01] LDAP bind failed with error 8341,

A directory service error has occurred..
   Got error while checking if the DC is using FRS or DFSR. Error:
   A directory service error has occurred. The VerifyReferences, FrsEvent and
   DfsrEvent tests might fail because of this error.

--------------------------------------------------------------

            DC: xxxxx-DC01.domain.net
            Domain: domain.net
               TEST: Authentication (Auth)
                  Error: Authentication failed with specified credentials
                  [Error details: 1396 (Type: Win32 - Description: The target account name is incorrect.) - Add connection failed]

             TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Error: No WMI connectivity
                  [Error details: 0x800706ba (Type: HRESULT - Facility: Win32, Description: The RPC server is unavailable.) - Connection to WMI server failed]
                  No host records (A or AAAA) were found for this DC

------------------------------------------------------------------


When I try to go into DNS on DC2 I get an Access Denied error. In Event Viewer I can see lots of 4000 and 4007 errors.


I have Googled this and everything points to running the following command:


netdom resetpwd /server:<PDC.domain.com> /userd:<Domain\domain_admin> /passwordd:* 


However I am a little worried about running this command - I need some help.


Does this need to be run on DC2? Do I specify DC1.domain.net in the first bracket (it is the primary DC with all the roles)? Or do I leave it as PDC.domain.net? Also, can I specify the domain admin account I am currently logged in as on DC2?
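The machine-account reset the question is about, written out as an added example (not code from the thread or from any of its posters), with the checks a practitioner would run before and after it. It follows Microsoft's documented procedure for resetting a domain controller's machine account password: stop the KDC on the affected DC, run netdom resetpwd against a different, healthy DC, then start the KDC again. The host and domain names (domain.net, DC1, DC2) are taken from the post; the admin account name, the replication partner being DC1, and the "run on DC2" assumption are this example's own. It is meant to be run in an elevated PowerShell session on DC2, logged on as a domain admin.

```powershell
# Added example, not from the original thread. Assumes: you are on DC2 (the DC with
# the bad secure channel), DC1.domain.net is healthy and holds the FSMO roles, and
# $Admin is a placeholder for a real domain admin account.

$Domain    = 'domain.net'
$PartnerDc = 'DC1.domain.net'        # the OTHER, healthy DC; never the one you run this on
$Admin     = 'DOMAIN\domain_admin'   # assumed placeholder account name

function Test-PartnerReachable {
    # "The RPC server is unavailable" is usually name resolution or a blocked
    # endpoint mapper, so confirm DC2's own resolver finds DC1 and TCP/135 answers.
    $a = Resolve-DnsName -Name $PartnerDc -Type A -ErrorAction Stop
    Write-Host ("{0} resolves to {1}" -f $PartnerDc, ($a.IPAddress -join ', '))
    $rpc = Test-NetConnection -ComputerName $PartnerDc -Port 135
    if (-not $rpc.TcpTestSucceeded) {
        throw "TCP/135 to $PartnerDc failed; fix DNS/firewall before resetting anything"
    }
    # DC2 should list itself (and ideally DC1) as its DNS servers, not a public resolver.
    Get-DnsClientServerAddress -AddressFamily IPv4 | Format-Table -AutoSize
}

function Test-Dc2SecureChannel {
    # Read-only check. A False result alongside dcdiag's Win32 error 1396
    # ("The target account name is incorrect") is the classic sign of a stale
    # DC machine-account password, which is exactly what netdom resetpwd repairs.
    Test-ComputerSecureChannel -Server $PartnerDc -Verbose
}

function Reset-DcMachinePassword {
    # Stop the KDC first so DC2 stops issuing tickets with the bad key, purge the
    # local Kerberos cache, reset the password against DC1, then start the KDC.
    # /passwordd:* makes netdom prompt for the password instead of leaving it in
    # the command history.
    Stop-Service -Name Kdc -Force
    klist purge | Out-Null
    netdom resetpwd /server:$PartnerDc /userd:$Admin /passwordd:*
    if ($LASTEXITCODE -ne 0) {
        Start-Service -Name Kdc
        throw "netdom resetpwd failed with exit code $LASTEXITCODE; KDC restarted, nothing else changed"
    }
    Start-Service -Name Kdc
}

function Test-AfterReset {
    # The DNS Server service on DC2 reads its AD-integrated zones over the secure
    # channel (the 4000/4007 events), so restart it after the reset, then verify.
    Restart-Service -Name DNS
    Test-ComputerSecureChannel -Server $PartnerDc -Verbose
    repadmin /syncall /AdeP            # pull/push all partitions across the site boundary
    repadmin /showrepl                 # every partner should show a recent successful sync
    dcdiag /test:Replications /test:DNS
}

# Run order. Stop at the first failing pre-check rather than resetting blindly.
Test-PartnerReachable
if (Test-Dc2SecureChannel) {
    Write-Host 'Secure channel to DC1 is already healthy; netdom resetpwd is not the fix here.'
} else {
    Reset-DcMachinePassword
    Test-AfterReset
}
```

Design notes: the script deliberately never points /server: at the machine it runs on, since the reset must be authenticated by a DC whose copy of the account is trusted; the pre-checks exist because resetting a password does nothing for a DC that cannot resolve or reach its partner in the first place; and the secure-channel test gates the reset so the command is only run when the symptom it fixes is actually present.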

CompProbSolv:

If you are satisfied that DC1 has all the data, consider doing a full backup of DC2, demoting it, and then promoting it.  It should start "clean" and replicate everything from DC1.  That may be easier than trying to fix whatever is going on.

Jim Review (asker):

Hi and thanks CompProbSolv.

I'm a little reluctant to demote this DC as it is the only DC in another site, in which we cannot afford any downtime.

I also suspect that demoting might not work because of the underlying DNS issues with it (?) - although I could be wrong.


ASKER CERTIFIED SOLUTION: DrDave242