If you receive:
5730 - Replication of the SAM Global group (RID:0x200) from primary domain controller
chances are that the
AdminCount value in the registry, that tracks the number of Administrative users in the servers' local Administrators group,
has gotten out of sync on the
BDC. Prior to removing any administrative user for the Administrators group, a
AdminCount would go negative. If it would, synchronization fails.
Make Sure that Administrator is a member of both Administrators and Domain Administrators.
To reset the value on each BDC:
1. In User Manager for Domains, create a new global group called FixAdmin with a description of Don't delete.
2. Add Administrator to the FixAdmin group.
3. Add the FixAdmin global group to the local Administrators group.
4. Exit User Manager for Domains.
Wait for domain synchronization to complete or force a full synchronization by running: NLTEST /SYNC From Supplement Two of the NT 4.0 Server Resource kit.
NOTE: The FixAdmin Global Group must not be removed from the local Administrators group.
NOTE: If you run NLTEST /SYNC, use NLTEST /BDC_QUERY:<Domain Name> to check the status of the synchronization.