In tips 0632 and 0669, I described some possible causes of Event ID 5716.

If you receive an Event 5714 on the PDC:

    The full synchronization request from the server "BDC" failed with the following error: <error text>
or a 5716 on a BDC:
    The partial synchronization replication of the SAM database from the primary domain controller  failed with the following error: Cannot perform this operation on built-in accounts
you may have a corrupt LSA Secrets entry in the registry.

This can happen due to power failure or improper shutdown.

To determine if this is the cause, use Regedt32 on the PDC to navigate to:


Use the Security/Permissions menu to grant:

Administrators: Full Control
System: Full Control

to this key and all sub-keys.

NOTE: Ignore all errors while changing permissions.

Navigate to:


where <secretname> is the corrupt secret, identified because it starts with G$ and only has one sub-key, probably PolMod. Most secrets will have 5 sub-keys.

Delete the corrupt secret and its sub-keys.

Reset the permissions on HKEY_LOCAL_MACHINE\Security and its sub-keys to:

Administrators: Special... (only Read Control and Write DAC)
System: Full Control

If you delete G$$<DOMAINNAME>, you will need to re-establish the trust in User Manager for Domains.