| Event Id | 5730 |
| Source | NETLOGON |
| Description | Replication of the SAM Global group (RID:0x200) from primary domain controller <computer name> failed with the following error: <error>. |
| Event Information | When domain synchronization occurs at the automatic interval or when issued manually, you may encounter this events along with 5731,5716. CAUSE: In order to ensure an administrators ability to manage servers in a domain, Windows NT Server maintains a value called AdminCount. AdminCount is a one-byte field that is incremented for each instance that the administrator user account is directly added to the Administrators local group, or indirectly made a member of the Administrators local group via a global group. Prior to Windows NT Server 3.51 Service Pack 4, the backup domain controllers (BDC) AdminCount field could sometimes get out of sync with the primary domain controllers (PDC) AdminCount field. Although this problem was fixed in Windows NT 3.51 Service Pack 4, the value was never recalculated for the BDCs in the domain. BDCs analyze the AdminCount field prior to removing any instances of the Administrator from the Administrators group. If the BDC calculates that this field will be less then 1 after it commits changes from the PDC synchronization, then you will see 5730 or 5731 events in the Event Viewer. RESOLUTION: If the administrator is already a member of both the Domain Administrators and the Administrators group, the following steps will increment the administrator count on each BDC. 1) Click the Start button, point to Programs, point to Administrative Tools, and click User Manager for Domains. 2) In User Manager for Domains, create a new global group by clicking New Global Group from the User menu. Type MakeAdmin for the Group Name and AdminCount Workaround for the Description. 3) Double-click the MakeAdmin global group icon located in the Groups/Description view pane. 4) Select the Administrator user, and then click Add in the global Group Properties dialo |
| Reference Links | Domain Synchronization Fails With 5730 or 5731 and 5716 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.