WinNT Err: SAM Global Group Replication Fails

 Last reviewed: November 13, 1997
Article ID: Q158804
The information in this article applies to:
  • Microsoft Windows NT Server versions 3.5 and 3.51

SYMTPOMS

When a computer running Windows NT Server tries to replicate the security account manager (SAM) global group "RID: ###" from the primary domain controller <computername>, it fails with the following error: 

     Event ID 5730:

     Replication of the SAM Global Group "Rid: ###" from the primary domain
     controller machine name failed with the following error:  The
     specified group does not exist.

RESOLUTION

Remove the resource ID (RID) from the SAM registry key. To do this, perform the following steps.

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it.

  1. Start Registry Editor (Regedt32.exe) and locate the following key:

    HKEY_LOCAL_MACHINE\SAM\

  2. From the Security menu, click Permissions.

  3. Select the Replace Permission on Existing Subkey check box and make sure Administrators (or the account you are logged on as) have full control.

  4. Go to HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Groups, identify the problem group RID number, and from the Registry menu, click delete.

    NOTE: If the RID number belongs to a default user or group (administrator, domain users, and so forth), Registry Editor will not allow the RID number to be deleted.

  5. Click OK. Quit Registry Editor and then restart your computer.

  6. After you delete the RID number and restart your computer, synchronize the domain controllers.

MORE INFORMATION

The RID numbers are how Windows NT views the groups. The RID numbers match up to the names of the groups. Each computer will keep its own RID numbers. It is possible that only one domain controller presents the above error and not all of the domain controllers in the domain have a corrupt SAM. 

Keywords          : ntdomain NTSrv kbnetwork
Version           : WinNT:3.5,3.51
Platform          : winnt

================================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: November 13, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.