You are currently offline, waiting for your internet to reconnect

Verifying Domain Netlogon Synchronization

This article was previously published under Q149664
SUMMARY
If users are having problems getting validated or are experiencing otheraccount-related issues, you should verify that complete synchronization istaking place across all domain controllers in the domain, including in theUser Account Database and Machine Account Database. Anytime a change ismade in User Manager or Server Manager, the changes occur at the primarydomain controller's database, and those changes need to be replicated.

The Netlogon Service tries to maintain synchronization automatically but issometimes unable to. If you suspect a domain controller is not up to date,locate your situation in the section below and follow the proceduresoutlined.
MORE INFORMATION
In User Manager, changing any of the following requires a complete domainsynchronization for all domain controllers in the domain to be able tocorrectly service the Netlogon request:
  • Creating a new user or group account
  • Changing a password or description
  • Changing domain or user policies
  • Changing group membership
  • Changing logon script file name
  • Changing home directory path
  • Changing hours of valid logon
  • changing the list of valid machines to be validated against
  • Changing account expiration and type
In Server Manager, doing any of the following requires a complete domainsynchronization for all domain controllers in the domain to be able tocorrectly service the Netlogon request:
  • Creating a new computer account for a Workstation
  • Creating a new computer account for a stand-alone Server
  • Creating a new computer account for a backup domain controller
In the case where the PDC has to be taken offline, full replication willneed to have already occurred before promotion of a BDC to PDC. If thesynchronization did not occur, any new information not replicated is lost.

To verify Domain Synchronization, individually replicate the User AccountDatabase on each backup domain controller with the primary domaincontroller.

From within Server Manager, select each BDC in turn and, from the Computermenu, choose "Synchronize with primary domain controller." This willtrigger an immediate replication for the selected BDC with the PDC.

From the Event Log on each Domain Controller, verify that one or more ofthe following is on each server (both event IDs do not need to be presenton each computer):

On the PDC:
Event 5711 Source Netlogon
The partial synchronization request from the server <BDC> completed successfully. <Number> changes(s) has(have) been returned to the caller.

Event 5713 Source Netlogon
The full synchronization request from the server <BDC> completed successfully. <Number> object(s) has(have) been returned to the caller.

On the BDC:
Event 5715 Source Netlogon The partial synchronization replication of the SAM database from the primary domain controller <PDC> completed successfully. <Number> change(s) is(are) applied to the database.

Event 5717 Source Netlogon The full synchronization replication of the <SAM or BUILTIN or LSA> database from the primary domain controller <PDC> completed successfully.
repl Directory Services
Properties

Article ID: 149664 - Last Review: 11/01/2006 04:45:12 - Revision: 2.1

  • Microsoft Windows NT Workstation 3.5
  • Microsoft Windows NT Workstation 3.51
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 3.5
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0 Standard Edition
  • KB149664
Feedback