How to fix MMC snap-in authorization for AD management in WinServer 2012R2?
There is a clean fresh Windows Server 2012 R2 with the role of a domain controller. I must say right away that I did everything according to articles from the Internet.
The problem is that I can't properly manage AD through the usual MMC snap-ins: Active Directory Domains and Trusts, Active Directory Sites and Services, Active Directory Users and Computers.
When you try to open one of them, a message appears with the phrase "login attempt failed", then the snap-in opens, but is empty. Trying to manually reconnect to the server from the snap-in produces the same "username or password is incorrect" error.
Perhaps this is somehow related to changing the password of users with Domain Administrator rights, we have 2 such users. Both have the same problems. I tried to start a new one - the same thing.
After unsuccessful attempts to log in to the snap-ins, the following event appears in the log:
Log: System, Source: LSA (LsaSrv), Code: 6037
. using the name "ldap/your-dns-needs-immediate-attention.office" for the target. The target name is not valid. The target name must point to the name of one of the local computers, such as a DNS hostname.
Please try another name."
At the same time, everything is available through the "Active Directory Administration Center", everything works.
It is believed that this may be due to incorrect DNS server settings. Yes, in the TCP / IPv4 settings in the DNS servers, in addition to the server itself, open-DNSs are configured, otherwise there is no access to the Internet. Set up forwarders.
What I can't understand is that there is exactly the same server on another network with exactly the same roles and settings, and I changed the admins' passwords more than once, and everything works fine there.
In general, I will be glad to any advice and messages, most importantly at the right address.
In general, what actions led to the result:
1. In the DNS server settings, double-check whether the forwarding servers are working.
2. In the TCP / IPv4 settings, double-check if there are any errors in specifying the IP address of the DNS server (there was a typo).
3. In my case, I left open-dns in the TCP / IPv4 settings, but this does not affect anything, now everything is fine and correct.
Thanks everyone :)
I suggest that in the TCP/IP DNS server settings you specify the IP of only this DNS server, configure forwarding in the DNS settings, for example to 8.8.8.8 (the Internet will work fine), and on the controller specify the IP of your DNS in the TCP/IP settings.
P.S. Is your DNS server open to everyone on the Internet? Try to ping your server by its full name: is that possible from the server itself, and what does it resolve to at the moment?
All this looks like a DNS name collision - www.npsod.ru/blog/market_news/7315.html , https://www.icann.org/resources/pages/name-collisi...
icannwiki.com/.office
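The checks suggested in the answers above, collected into one PowerShell script as an added example (not code from the thread). It asks every resolver from the TCP/IPv4 settings for the DC's own name and LDAP SRV record, flags the ICANN controlled-interruption markers (the address 127.0.53.53 and the `your-dns-needs-immediate-attention` target seen in event 6037), and tests each forwarder. It assumes the DnsClient, NetTCPIP and DnsServer modules that ship with Windows Server 2012 R2; `example.com` is only a test name.

```powershell
# Added example, not from the thread. Run on the DC in an elevated PowerShell session.
$cs      = Get-CimInstance Win32_ComputerSystem
$domain  = $cs.Domain
$fqdn    = "$($cs.DNSHostName).$domain"
$localIp = @(Get-NetIPAddress -AddressFamily IPv4 |
             Where-Object { $_.IPAddress -ne '127.0.0.1' } |
             Select-Object -ExpandProperty IPAddress)

# Markers of ICANN controlled interruption (DNS name collision)
$collisionIp   = '127.0.53.53'
$collisionName = 'your-dns-needs-immediate-attention'

# Resolvers listed in the TCP/IPv4 settings of every interface
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
           Select-Object -ExpandProperty ServerAddresses | Sort-Object -Unique

$report = foreach ($s in $servers) {
    # Ask this resolver directly for the DC's A record and the LDAP SRV record
    $a   = @(Resolve-DnsName -Name $fqdn -Type A -Server $s -DnsOnly `
                 -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'A' })
    $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $s `
                 -DnsOnly -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'SRV' })
    [pscustomobject]@{
        Resolver       = $s
        IsThisServer   = ($s -eq '127.0.0.1') -or ($localIp -contains $s)
        HostAnswer     = ($a.IPAddress -join ',')
        ResolvesToSelf = @($a.IPAddress | Where-Object { $localIp -contains $_ }).Count -gt 0
        LdapSrvTarget  = ($srv.NameTarget -join ',')
        NameCollision  = ($a.IPAddress -contains $collisionIp) -or
                         (($srv.NameTarget -join ' ') -like "*$collisionName*")
    }
}

# Forwarders configured on the DNS Server role: does each one answer a query?
$forwarders = foreach ($ip in (Get-DnsServerForwarder).IPAddress) {
    $answer = Resolve-DnsName -Name 'example.com' -Server $ip.IPAddressToString `
                  -DnsOnly -ErrorAction SilentlyContinue
    [pscustomobject]@{ Forwarder = $ip.IPAddressToString; Answers = [bool]$answer }
}

$report     | Format-Table -AutoSize
$forwarders | Format-Table -AutoSize
```

A row with `IsThisServer` false and `NameCollision` true means that resolver is answering for the AD domain name from public DNS instead of from the domain controller.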