If you receive the following on your BDC during replication:
Event ID: 5721
The session setup to the Windows NT Domain Controller \\domain PDC for the domain name failed because the Windows NT Domain Controller does not have an account for the BDC computer.
then your Administrator account SIDs may not be identical on all domain controllers.
Other things to check are:
When you start the NetLogon service, Error 1787 appears in the Event Log.
When you remove and re-add the BDC from the domain, the Event Log records:
Event ID: 5731
Replication of the SAM Global Group rid: 0x220: from Primary Domain Controller name failed with the following error: Cannot perform this operation on built-in accounts.
Event ID: 5716
The partial synchronization replication of SAM database from the Primary Domain Controller name failed with the following error: Cannot perform this operation on built-in accounts.
You can use the GETSID utility to compare SIDs for the Administrator account on all domain controllers.
To fix this problem:
01. Install a new copy of Windows NT, as a BDC, on the problem BDC. Install into a different folder.
02. Restart the server in the new installation.
03. Use Server Manager on this new install to select the new install's computer name.
04. On the Computer menu, click Synchronize With Primary Domain Controller and press OK.
05. Delete the folder from the original install.
06. Type ATTRIB -R -S -H c:\boot.ini at a command prompt.
07. Edit C:\boot.ini and remove the entries from the original install.
08. In Disk Administrator, use Partition / Configuration / Save to save the disk configuration to a floppy.
09. Rename the BDC.
10. Recreate any shares, set permissions, install missing software, etc., to complete the recovery.