The NTFRS event log will show if you have any problems with replication but
not necessarily if replication is working, but only after there was a
problem would it state that replication has been established between the
problem DCs. ALso, all DCs should be of the same SP level due to variances.

But first, just an FYI, there is no such thing as a PDC or BDC in Active
Directory. One server may hold a PDC Emulator FSMO Role that performs
certain functions, but nothing like what a PDC did in NT4. The way your post
was written sounds like you have an NT4 domain. All domain controllers are
equal entities in AD. They are all master replicas, not like NT4 where one
is the master where all data is created and altered and the BDCs just
receive copies of the database. In AD you can change anything anywhere at
anytime and only the changes get replicated around.

The FSMO roles can be transferred dynamically between DCs. But you need a
really good reason to transfer them. There are few reasons, many are design
based reasons and service reasons because one FSMO cannot work with a GC.
Keep in mind, a GC is NOT a FSMO, but rather a service that runs on a DC. If
you lose a DC, depending on what FSMO role it held, we need to determine if
we can transfer that role or not to another DC. Some roles cannot be just
transferred and moved back if the original DC holding the role is back up
online. Some roles you can. If a DC is damaged beyond repair, then depending
on which role(s) it held, we can need to force or "seize" the role and move
it to another DC but depending on which FSMO role it is, the original one
may not be ever allowed to come back up online or serious issues can result.

Here's more info on FSMO Roles below, but keep in mind, it is nothing like
NT4.

197132 - Windows 2000 Active Directory FSMO Roles:
http://support.microsoft.com/?id=197132

255690 - HOW TO View and Transfer FSMO Roles in the Graphical User
Interface:
http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b255690

That said, re-reading your original post, the issues you describe tells me
you may have a possible DNS misconfiguration. I've seen this with many NT4
administrators who have upgraded to Active Directory. DNS is the focal point
of AD. DNS stores all of AD's service locations. Whenever any machine in an
AD environment is "looking" for an AD service or function (such as logging
in, booting up, authentication requests, etc), it queries DNS asking it
where to find the DC that will handle that appropriate service. GCs are
found by asking DNS. If you are using an ISP's DNS address in any machines'
IP properties (this includes DCs, member servers and clients), then the
ISP's DNS does not have that answer. Even if you mix up internal DNS and
ISP's DNS addresses, the resolver algorithm can still have trouble asking
the correct DNS server.

So first the best way to determine how to help is to view your current
configuration of your DCs and one of your clients. If you can post some of
this info, one of the many MVPs and engineers in the newsgroup will be more
than  happy to point out where the problem is:

1. Unedited ipconfig /all from a client and from your DC(s)
2. The actual DNS domain name of AD (found in ADUC)
3. The zonename spelling in your Forward Lookup Zones in DNS for your AD
zone.
4. If updates are set to allow under the zone's properties
5. If thany of the DCs have more than one NIC
6. Do you have a firewall? If so, what brand? (not needed here)
7. Is/are forwarder(s) configured?
8. Do the SRV records exist under your zone name?
9. dcdiag /v /fix (post the results please)
10. netdiag /v /fix (post the results please)
11. dnscmd /enumzones yourADdomainname.com (post results please)
12. net start (post results please)

Thanks!

"" wrote:

are there any event id errors in the event logs?

What does DCDIAG /V say on each DC?

The way I read it, I don't believe it's replication, but rather Windows
updates from Microsoft's site. If it was an AD issue, there would have been
more problems due to the 60 day tombstone.

Ace