An Active Directory domain which was first created with a 2000 AD server contain wrong date for Schema Attribute : "whenCreated". After Samba (4.0 - 4.1) did joined to the domain as AD DC, replication failed with error Event ID 1791 : error 8418 (http://support.microsoft.com/kb/2734946) Example of wrong attribute value : CN : ACS-Identity-Name : Attribute "whenCreated" on MS AD contain : 21/10/1630 16:21:30 CN : ACS-Identity-Name : Attribute "whenCreated" on Samba AD contain : 01/01/1970 00:00:00 As you can see, AD 2000 created a value with year 1630, and Samba create it with year 1970. Even after sync, force sync, full sync, values do not get corrected.
This is probably happening because both values represent 0, just in different time schemes.