Article ID: 149664 - Last Review: November 1, 2006 - Revision: 2.1

Verifying Domain Netlogon Synchronization

View products that this article applies to.
This article was previously published under Q149664
Expand all | Collapse all

SUMMARY

If users are having problems getting validated or are experiencing other account-related issues, you should verify that complete synchronization is taking place across all domain controllers in the domain, including in the User Account Database and Machine Account Database. Anytime a change is made in User Manager or Server Manager, the changes occur at the primary domain controller's database, and those changes need to be replicated.

The Netlogon Service tries to maintain synchronization automatically but is sometimes unable to. If you suspect a domain controller is not up to date, locate your situation in the section below and follow the procedures outlined.

MORE INFORMATION

In User Manager, changing any of the following requires a complete domain synchronization for all domain controllers in the domain to be able to correctly service the Netlogon request:
  • Creating a new user or group account
  • Changing a password or description
  • Changing domain or user policies
  • Changing group membership
  • Changing logon script file name
  • Changing home directory path
  • Changing hours of valid logon
  • changing the list of valid machines to be validated against
  • Changing account expiration and type
In Server Manager, doing any of the following requires a complete domain synchronization for all domain controllers in the domain to be able to correctly service the Netlogon request:
  • Creating a new computer account for a Workstation
  • Creating a new computer account for a stand-alone Server
  • Creating a new computer account for a backup domain controller
In the case where the PDC has to be taken offline, full replication will need to have already occurred before promotion of a BDC to PDC. If the synchronization did not occur, any new information not replicated is lost.

To verify Domain Synchronization, individually replicate the User Account Database on each backup domain controller with the primary domain controller.

From within Server Manager, select each BDC in turn and, from the Computer menu, choose "Synchronize with primary domain controller." This will trigger an immediate replication for the selected BDC with the PDC.

From the Event Log on each Domain Controller, verify that one or more of the following is on each server (both event IDs do not need to be present on each computer):

On the PDC:
Event 5711 Source Netlogon
The partial synchronization request from the server <BDC> completed successfully. <Number> changes(s) has(have) been returned to the caller.

Event 5713 Source Netlogon
The full synchronization request from the server <BDC> completed successfully. <Number> object(s) has(have) been returned to the caller.

On the BDC:
Event 5715 Source Netlogon The partial synchronization replication of the SAM database from the primary domain controller <PDC> completed successfully. <Number> change(s) is(are) applied to the database.

Event 5717 Source Netlogon The full synchronization replication of the <SAM or BUILTIN or LSA> database from the primary domain controller <PDC> completed successfully.
APPLIES TO
  • Microsoft Windows NT Workstation 3.5
  • Microsoft Windows NT Workstation 3.51
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 3.5
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0 Standard Edition
Back to the top
Keywords: 
KB149664
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations