Group policy is probably the reason why this is happening. Group Policy can be applied an many levels, local, AD site, AD domain, OU. This order means that the local GPO is processed first, and GPOs that are linked to the organizational unit of which the computer or user is a direct member are processed last, which overwrites settings in the earlier GPOs if there are conflicts. (If there are no conflicts, then the earlier and later settings are aggregated.)
In addition there are essentially 2 versions- computer and User. Computer policy is applied first then the user policy when the user logs on. Check the group policies in the reverse of that order to find the offending policy. The simplest way to see what policies are applied is with the RSOP snapin
I've been installing Active Directory on W2K and W2K3 for years without any of the gyrations you're talking about.
Item 1 - That's an event ID 1005 from source DSrestor (per http://www.eventid.net/display.asp?eventid=1005&eventno=4658&source=dsrestor&phase=1). I've got a W2K3 R2 test box in my lab, installed from a slipstreamed W2K3 SP2 VL media and DCPROMO'd immediately after install. I have the full events log back to the OS load and this event isn't in any of them. I also checked out the archived event logs from the first W2K3 domain controller (installed with RTM W2K3 media in 2004) at a Customer site and I don't find this error anywhere. I don't know exactly what you're doing to make this error occur, but I've never seen it anywhere.
Item 2 - Microsoft has never fixed this. I tend to just ignore it. My various event log notification applications have been configured to ignore it, too. Yeah, you can resolve it if you want to. It doesn't bother me.
Item 3 - This isn't an error at all! This is telling you to do something. Configure a time source external to the domain. It's a one command-line procedure, if you don't mind using public NTP servers: "NET TIME /setsntp:pool.ntp.org" (specify any NTP server you want). I have no idea why the article you refer to makes such a big deal about it. You need an external-to-the-forest time source. (BTW: This only happens on the PDC emulator FSMO role-holder in the forest root domain. All subsequent DCPROMOs of all other DCs in the forest won't generate this message...)
You mention an "Item 4" that's a "DNS error", but you're really talking about event ID 1555, source "NTDS replication" I think. This isn't an error either. This article describes how the feature works and it's actually in the product for a utility purpose. If the initial synchronization isn't happening on your FSMO role-holder DC(s) you should really fix the replication problem instead of just squelching the error message. I can understand doing this in a test environment or in a DR dry-run, but in real life you should be fixing initial synchronization issues with your FSMO role-holders.
In summary: I don't know what you're doing to make item 1 happen. I can't tell you why Microsoft hasn't fixed item 2 but I don't care about it. Item 3 isn't an issue. Item 4 is an issue insofar as it's telling you that you need to fix broken initial synchronization.
Best Answer
The Automated Updates client doesn't generate any specific Event Log messages when its configuration is changed. You'll have better luck locating information about how it is behaving in
%SystemRoot%\WindowsUpdate.Log, where the Automated Updates client puts most of its logging information.