Microsoft KB Archive/158804

{| = WinNT Err: SAM Global Group Replication Fails =
 * width="100%"|

Last reviewed: November 13, 1997

Article ID: Q158804 The information in this article applies to:
 * Microsoft Windows NT Server versions 3.5 and 3.51

SYMTPOMS
When a computer running Windows NT Server tries to replicate the security account manager (SAM) global group "RID: ###" from the primary domain controller, it fails with the following error:

Event ID 5730:

Replication of the SAM Global Group "Rid: ###" from the primary domain controller machine name failed with the following error: The specified group does not exist.

RESOLUTION
Remove the resource ID (RID) from the SAM registry key. To do this, perform the following steps.

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it.

  Start Registry Editor (Regedt32.exe) and locate the following key: HKEY_LOCAL_MACHINE\SAM\  From the Security menu, click Permissions. Select the Replace Permission on Existing Subkey check box and make sure Administrators (or the account you are logged on as) have full control.  Go to HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Groups, identify the problem group RID number, and from the Registry menu, click delete. NOTE: If the RID number belongs to a default user or group (administrator, domain users, and so forth), Registry Editor will not allow the RID number to be deleted.  Click OK. Quit Registry Editor and then restart your computer. After you delete the RID number and restart your computer, synchronize the domain controllers.

MORE INFORMATION
The RID numbers are how Windows NT views the groups. The RID numbers match up to the names of the groups. Each computer will keep its own RID numbers. It is possible that only one domain controller presents the above error and not all of the domain controllers in the domain have a corrupt SAM.

Keywords         : ntdomain NTSrv kbnetwork Version          : WinNT:3.5,3.51 Platform         : winnt
 * }