If you receive:
5730 - Replication of the SAM Global group (RID:0x200) from primary domain controllerchances are that the AdminCount value in the registry, that tracks the number of Administrative users in the servers' local Administrators group, has gotten out of sync on the BDC. Prior to removing any administrative user for the Administrators group, a BDC determines if the AdminCount would go negative. If it would, synchronization fails.
failed with the following error: cannot perform this operation on built-in accounts. 5731 - Replication of the built-in local group (rid:0x220) from the primary domain controller failed with the following error: A new member could not be added to a local group because the member has the wrong account type. 5716 - The partial synchronization replication of the SAM database from the primary domain controller failed with the following error: Cannot perform this operation on built-in accounts.
Make Sure that Administrator is a member of both Administrators and Domain Administrators.
To reset the value on each BDC:
1. In User Manager for Domains, create a new global group called FixAdmin with a description of Don't delete.
2. Add Administrator to the FixAdmin group.
3. Add the FixAdmin global group to the local Administrators group.
4. Exit User Manager for Domains.
Wait for domain synchronization to complete or force a full synchronization by running: NLTEST /SYNC From Supplement Two of the NT 4.0 Server Resource kit.
NOTE: The FixAdmin Global Group must not be removed from the local Administrators group.
NOTE: If you run NLTEST /SYNC, use NLTEST /BDC_QUERY:<Domain Name> to check the status of the synchronization.