Thanks for that, I have now had partial success.
Just to clarify, I want to use the Zentyal GUIs to reattach the replacement machine to the domain, as I don't want to bypass their tools by using samba-tool directly to join the domain and end up with Zentyal and the machine being in different states of awareness re the configuration of the system. So my ambition is to come up with a tool that will strip out a dead machine, allowing my DR plan just to say... "Build a standard Zentyal installation and use the Zentyal GUI to join it to the domain..."
Anyway, what happened? Well, I have 2 machines: pdc, the domain controller system, and adc, you guessed, the additional domain controller. I did as you suggested with pdc and then used Zentyal to add the adc back onto the domain. It looked like all had worked, the users and groups were populated in adc, but my initial tests running "samba-tool drs showrepl" on the adc machine produced this...
root@adc:~# samba-tool drs showrepl 2>&1
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:adc.impact0.lan[,seal]
Wrong username or password: kinit for ADC$@IMPACT0.LAN failed (Client not found in Kerberos database)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
Got challenge flags:
Got NTLMSSP neg_flags=0x60898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088235
Wrong username or password: kinit for ADC$@IMPACT0.LAN failed (Client not found in Kerberos database)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
Got challenge flags:
Got NTLMSSP neg_flags=0x60898205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088205
Default-First-Site-Name\ADC
DSA Options: 0x00000001
DSA object GUID: 2c8e8a01-71df-4714-9671-1fff353b6b32
DSA invocationId: 3dee2ddc-5a70-41a6-9547-86f097a09467
==== INBOUND NEIGHBORS ====
DC=DomainDnsZones,DC=impact0,DC=lan
Default-First-Site-Name\PDC via RPC
DSA object GUID: bcfdaa72-373e-40f3-ad0e-59c6d3af4d0e
Last attempt @ Wed Aug 21 06:47:37 2013 BST failed, result 2 (WERR_BADFILE)
158 consecutive failure(s).
Last success @ Tue Aug 20 17:47:47 2013 BST
<<text deleted>>
==== OUTBOUND NEIGHBORS ====
DC=DomainDnsZones,DC=impact0,DC=lan
Default-First-Site-Name\PDC via RPC
DSA object GUID: bcfdaa72-373e-40f3-ad0e-59c6d3af4d0e
Last attempt @ Wed Aug 21 06:50:46 2013 BST failed, result 2 (WERR_BADFILE)
18 consecutive failure(s).
Last success @ NTTIME(0)
<<text deleted>>
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 62f7abbc-40c3-4053-a6cb-a4016603209b
Enabled : TRUE
Server DNS name : pdc.impact0.lan
Server DN name : CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=impact0,DC=lan
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
root@adc:~#
and on the PDC, this...
root@pdc:~# samba-tool drs showrepl 2>&1
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:pdc.impact0.lan[,seal]
Default-First-Site-Name\PDC
DSA Options: 0x00000001
DSA object GUID: bcfdaa72-373e-40f3-ad0e-59c6d3af4d0e
DSA invocationId: eb3a8a1b-c7cd-4960-a6c4-2abb24a83e8c
==== INBOUND NEIGHBORS ====
DC=DomainDnsZones,DC=impact0,DC=lan
Default-First-Site-Name\ADC via RPC
DSA object GUID: 2c8e8a01-71df-4714-9671-1fff353b6b32
Last attempt @ Wed Aug 21 06:54:16 2013 BST was successful
0 consecutive failure(s).
Last success @ Wed Aug 21 06:54:16 2013 BST
<<text deleted>>
==== OUTBOUND NEIGHBORS ====
DC=DomainDnsZones,DC=impact0,DC=lan
Default-First-Site-Name\ADC via RPC
DSA object GUID: 2c8e8a01-71df-4714-9671-1fff353b6b32
Last attempt @ Wed Aug 21 00:47:35 2013 BST was successful
0 consecutive failure(s).
Last success @ Wed Aug 21 00:47:35 2013 BST
<<text deleted>>
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 170fa377-ace6-41b3-a303-a5976db20daf
Enabled : TRUE
Server DNS name : ADC.impact0.lan
Server DN name : CN=NTDS Settings,CN=ADC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=impact0,DC=lan
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Any ideas/suggestions on what I may have missed? Thanks.