![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 34%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBB%3C/text%3E%3C/svg%3E)
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,108 questions
The current DC is not in the domain controller's OU NPD-DC01
Out-of-date attribute pwdLastSet on NPD-DC02 (writeable)
https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/use-netdom-reset-domain-controller-password
How long has this been going on?
https://learn.microsoft.com/en-US/troubleshoot/windows-server/identity/replication-error-8456-8457
w32time Service is stopped on [NPD-DC01] start it
Looks like NPD-DC02 tombstoned long ago. The only solution here is to remove it. Perform cleanup on NPD-DC01 to remove remnants
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564
then stand up a new one for replacement.
I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2008, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health.
--please don't forget to upvote and Accept as answer if the reply is helpful--