Event ID 2896 can be generated in AD replication.
The article at http://technet.microsoft.com/en-us/library/replication-error-8453-replication-access-was-denied(v=ws.10).aspx has an excellent workaround for troubleshooting the main cause of the AD replication error "replication access was denied".
In the screenshot below, I have a quick answer to why my domain controller generates Event ID 2896. I have highlighted it in red.
It says "Netoverme\RTCService". From here, I already know that it was a service account of Office Communicator / Lync that did not have permission to replicate directory changes.
This usually happens when I create a new child domain such as north.netoverme.info, where my parent domain is netoverme.info.
Run Domain Preparation from the Office Communications Server media, or run this command:
LCSCMD /domain:north.netoverme.info /action:domainprep
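
To see which accounts hold the replication right on the domain partition, for example before and after domain preparation, the partition's ACL can be read directly. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module, a session logged on to the domain being checked, and the well-known schema GUIDs for the replication control access rights.

```powershell
# Added example: list who holds "Replicating Directory Changes" on a domain partition.
# Assumptions: the RSAT ActiveDirectory module is installed and the session is logged
# on to the domain being checked (the AD: drive binds to the current domain).
Import-Module ActiveDirectory

# Well-known control access right GUIDs from the AD schema.
# The all-zero GUID on an ExtendedRight ACE means "all extended rights".
$replRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights'
}

$account  = 'Netoverme\RTCService'            # account named in the event on this page
$domainDN = (Get-ADDomain).DistinguishedName  # e.g. DC=north,DC=netoverme,DC=info

# Keep only Allow ACEs that grant an extended right covering replication.
$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$aces = (Get-Acl -Path "AD:\$domainDN").Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $extended) -and
    $replRights.ContainsKey($_.ObjectType.ToString())
}

# Full list: anything unexpected here deserves a second look, since these
# rights allow reading directory changes through replication interfaces.
$aces | Select-Object IdentityReference,
        @{ n = 'Right'; e = { $replRights[$_.ObjectType.ToString()] } },
        IsInherited |
    Sort-Object IdentityReference | Format-Table -AutoSize

# Direct grants only: a right obtained through group membership will not
# match here, so a negative result means "check the groups listed above".
if ($aces.IdentityReference.Value -contains $account) {
    Write-Output "$account has a direct replication ACE on $domainDN"
} else {
    Write-Output "$account has no direct replication ACE on $domainDN"
}
```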