JSI Tip 1156. Event ID 5714 on PDC or 5716 on BDC.


In tips 0632 and 0669, I described some possible causes of Event ID 5716.

If you receive an Event 5714 on the PDC:

   The full synchronization request from the server "BDC" failed with the
   following error: <error text>

or a 5716 on a BDC:

   The partial synchronization replication of the SAM database from the primary
   domain controller  failed with the following error: Cannot
   perform this operation on built-in accounts
you may have a corrupt LSA Secrets entry in the registry.

This can happen due to power failure or improper shutdown.

To determine if this is the cause, use Regedt32 on the PDC to navigate to:

HKEY_LOCAL_MACHINE\Security

Use the Security/Permissions menu to grant:

Administrators: Full Control
System: Full Control

to this key and all sub-keys.

NOTE: Ignore all errors while changing permissions.

Navigate to:

HKEY_LOCAL_MACHINE\Security\Policy\Secrets\<secretname>

where <secretname> is the corrupt secret. You can identify it because its name starts with G$ and it has only one sub-key (probably PolMod); most secrets will have 5 sub-keys.

Delete the corrupt secret and its sub-keys.

Reset the permissions on HKEY_LOCAL_MACHINE\Security and its sub-keys to:

Administrators: Special... (only Read Control and Write DAC)
System: Full Control

If you delete G$$<DOMAINNAME>, you will need to re-establish the trust in User Manager for Domains.
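The following PowerShell script is an added example, not part of the original tip, that automates the inspection step above: it lists every secret under HKLM\SECURITY\Policy\Secrets with its sub-key count and flags G$ entries that have only one sub-key, the pattern the tip describes for a corrupt secret. It is read-only and deletes nothing, so the decision to remove a secret (and the trust re-establishment that follows for a G$$<DOMAINNAME> entry) stays with the administrator. It assumes a Windows host with PowerShell and an account that can read HKLM\SECURITY; by default only SYSTEM can, so run it under SYSTEM (for example with Sysinternals PsExec -s) or after granting Administrators access as described above. The path, variable and column names are the example's own.

```powershell
# Added example (not from the original tip): read-only survey of LSA secrets.
# Flags secrets whose name starts with G$ and that have exactly one sub-key,
# which is the symptom the tip associates with a corrupt entry.
# Assumption: the running account can read HKLM\SECURITY (SYSTEM, or
# Administrators after the permission change the tip describes).

$secretsPath = 'HKLM:\SECURITY\Policy\Secrets'

if (-not (Test-Path -LiteralPath $secretsPath)) {
    throw "Cannot open $secretsPath - run as SYSTEM or grant read access to HKLM\SECURITY first."
}

$report = foreach ($secret in Get-ChildItem -LiteralPath $secretsPath) {
    # Each healthy secret normally carries several sub-keys; collect their names.
    $subKeys = @(Get-ChildItem -LiteralPath $secret.PSPath |
                 Select-Object -ExpandProperty PSChildName)

    [pscustomobject]@{
        Secret      = $secret.PSChildName
        SubKeyCount = $subKeys.Count
        SubKeys     = ($subKeys -join ',')
        # Suspect = name begins with G$ and only one sub-key survives
        Suspect     = ($secret.PSChildName -like 'G$*') -and ($subKeys.Count -eq 1)
    }
}

# Show the full table, suspects first, so the operator can compare counts.
$report | Sort-Object Suspect -Descending | Format-Table -AutoSize

$suspects = @($report | Where-Object { $_.Suspect })
if ($suspects.Count -gt 0) {
    Write-Warning ("Candidate corrupt secret(s): " + ($suspects.Secret -join ', ') +
                   " - verify before deleting; a G`$`$<DOMAINNAME> entry is a trust secret " +
                   "and removing it requires re-establishing the trust.")
} else {
    Write-Host 'No G$ secret with a single sub-key found.'
}
```

Run the script on the PDC before touching permissions for anything other than read access; if it reports no suspect, the 5714/5716 errors most likely have one of the other causes covered in tips 0632 and 0669.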
