This article was previously published under Q149664
If users are having problems getting validated or are experiencing other account-related issues, you should verify that complete synchronization is taking place across all domain controllers in the domain, including in the User Account Database and Machine Account Database. Anytime a change is made in User Manager or Server Manager, the changes occur at the primary domain controller's database, and those changes need to be replicated.
The Netlogon Service tries to maintain synchronization automatically but is sometimes unable to. If you suspect a domain controller is not up to date, locate your situation in the section below and follow the procedures outlined.
In User Manager, changing any of the following requires a complete domain synchronization for all domain controllers in the domain to be able to correctly service the Netlogon request:
Creating a new user or group account
Changing a password or description
Changing domain or user policies
Changing group membership
Changing logon script file name
Changing home directory path
Changing hours of valid logon
Changing the list of valid machines to be validated against
Changing account expiration and type
In Server Manager, doing any of the following requires a complete domain synchronization for all domain controllers in the domain to be able to correctly service the Netlogon request:
Creating a new computer account for a Workstation
Creating a new computer account for a stand-alone Server
Creating a new computer account for a backup domain controller
In the case where the PDC has to be taken offline, full replication will need to have already occurred before promotion of a BDC to PDC. If the synchronization did not occur, any new information not replicated is lost.
To verify Domain Synchronization, individually replicate the User Account Database on each backup domain controller with the primary domain controller.
From within Server Manager, select each BDC in turn and, from the Computer menu, choose "Synchronize with primary domain controller." This will trigger an immediate replication for the selected BDC with the PDC.
From the Event Log on each Domain Controller, verify that one or more of the following is on each server (both event IDs do not need to be present on each computer):
On the PDC:
Event 5711 Source Netlogon The partial synchronization request from the server <BDC> completed successfully. <Number> changes(s) has(have) been returned to the caller.
Event 5713 Source Netlogon The full synchronization request from the server <BDC> completed successfully. <Number> object(s) has(have) been returned to the caller.
On the BDC:
Event 5715 Source Netlogon The partial synchronization replication of the SAM database from the primary domain controller <PDC> completed successfully. <Number> change(s) is(are) applied to the database.
Event 5717 Source Netlogon The full synchronization replication of the <SAM or BUILTIN or LSA> database from the primary domain controller <PDC> completed successfully.
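The event check above, carried out across several domain controllers at once, as an added example that is not part of the original article. It assumes the event logs have been exported to lines of the form computer,event_id,source,message (a constructed format, with constructed names PDC01 and BDC01 to BDC03), and it goes one step beyond the article by flagging any BDC for which either side's success event is missing.

```python
import re

PDC_EVENTS = {5711, 5713}   # logged on the PDC: partial / full request completed
BDC_EVENTS = {5715, 5717}   # logged on a BDC: partial / full replication completed
SERVED = re.compile(r"request from the server (\S+) completed successfully", re.I)

# Constructed sample export; the column layout is an assumption of this example.
SAMPLE_EXPORT = """\
PDC01,5711,Netlogon,The partial synchronization request from the server BDC01 completed successfully. 3 changes(s) has(have) been returned to the caller.
BDC01,5715,Netlogon,The partial synchronization replication of the SAM database from the primary domain controller PDC01 completed successfully. 3 change(s) is(are) applied to the database.
PDC01,5713,Netlogon,The full synchronization request from the server BDC02 completed successfully. 120 object(s) has(have) been returned to the caller.
BDC02,6005,EventLog,The Event log service was started.
BDC03,5717,Netlogon,The full synchronization replication of the SAM database from the primary domain controller PDC01 completed successfully.
"""

def parse_export(export):
    # Yield (computer, event_id, message) for well-formed Netlogon lines only.
    for line in export.splitlines():
        parts = line.split(",", 3)
        if len(parts) != 4 or not parts[1].strip().isdigit():
            continue
        computer, event_id, source, message = (p.strip() for p in parts)
        if source.lower() == "netlogon":
            yield computer.upper(), int(event_id), message

def sync_report(export, pdc, bdcs):
    # For each BDC, record whether the BDC and the PDC each logged a success event.
    pdc = pdc.upper()
    report = {b.upper(): {"bdc_logged": False, "pdc_logged": False} for b in bdcs}
    for computer, event_id, message in parse_export(export):
        if computer == pdc and event_id in PDC_EVENTS:
            m = SERVED.search(message)
            if m and m.group(1).upper() in report:
                report[m.group(1).upper()]["pdc_logged"] = True
        elif computer in report and event_id in BDC_EVENTS:
            if f"primary domain controller {pdc} ".lower() in message.lower():
                report[computer]["bdc_logged"] = True
    return report

def needs_resync(report):
    # BDCs missing a success event on either side are candidates for a manual sync.
    return sorted(b for b, s in report.items() if not (s["bdc_logged"] and s["pdc_logged"]))
```

A BDC returned by needs_resync is one to select in Server Manager and synchronize with the primary domain controller again before rechecking the logs.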