The current DC is not in the domain controller's OU NPD-DC01
Out-of-date attribute pwdLastSet on NPD-DC02 (writeable)
https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/use-netdom-reset-domain-controller-password
How long has this been going on?
https://learn.microsoft.com/en-US/troubleshoot/windows-server/identity/replication-error-8456-8457
w32time Service is stopped on [NPD-DC01] start it
Looks like NPD-DC02 tombstoned long ago. The only solution here is to remove it. Perform cleanup on NPD-DC01 to remove remnants
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564
then stand up a new one for replacement.
I'd use dcdiag / repadmin tools to verify health correcting all errors found
before starting any
operations. Then stand up the new 2008, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health.
--please don't forget to upvote
and Accept as answer
if the reply is helpful--