Solved

Cannot remove a trusted domain.

Posted on 2007-12-04
4
6,709 Views
Last Modified: 2013-12-05
I have a problem removing a domain trust created before I took over the IT postion.  So I'm not sure how or when it was created.  There are two domains on the same subnet.  They no longer share any rescoures.  Domain-1 shows Domain-2 in the Active Directory Domains and Trust console.  Domain-2 does NOT show Domain-1 in the ADDT console.  From a command prompt on the master in Domain-1 when I use the NETDOM TRUST command: "netdom trust domain-1/ d:domain-2 /remove /force" I get the error: "Trust not removed! This is a parent-child trust. The parent domain could not be contacted."  I can ping the other master from both masters in each domain.
0
Comment
Question by:taltomare
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
paulhekje earned 500 total points
ID: 20448258
a parent-child trust means that they belong to the same Active Directory forest.

You can only remove the child domain using method:
- run dcpromo on the last dc of the child domain and remove/demote the dc.
- if the dc is not running anymore: use AD domains and trusts. Don't forget to clean up AD sites and service + DNS/Wins after removing the domain.

A parent domain cannot be removed!
You have big troubles when no dc exists in the parent domain (call Microsoft! )
the parent domain is also called "forest root domain"
0
 

Author Comment

by:taltomare
ID: 20449299
Is there something that I check to see the parent-child domain setup?
0
 
LVL 6

Expert Comment

by:paulhekje
ID: 20450137
easiest with ad users/computers, you can browse the domain hierarchy when you rightclick the domain and choose "connect to domain"
0
 

Expert Comment

by:RetalixUSA
ID: 20908363
I just got off the phone with Microsoft support on this one and have a solution for you:

You can forcefully remove a domain trust using the ntdsutil

so here is step by step how to remove a domain trust forcefully:

goto command line:

type: ntdsutil
type: m c
type: connections
type: connect to server <dc you are on in caps>
type: q
type: s o t
type: list domains
here you should see a list of domains with a number to the left, use the number to reference which domain you want to connect to and delete
type: select domain <number you want to delete>
type: q
type: remove selected domain

And your done.  If it gives you an error you can use the adsiedit.msc command to remove a lost and found connections, basically look through the HUGE tree of stuff for a lost and found and delete any reference to the domains you want to get rid of.  Then go through the ntdsutil again to try and remove it again.  Good luck, I hope this helps some poor sap like I used to be!

Good luck!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question