Solved

Cannot remove a trusted domain.

Posted on 2007-12-04
7,133 Views
Last Modified: 2013-12-05
I have a problem removing a domain trust created before I took over the IT position, so I'm not sure how or when it was created. There are two domains on the same subnet. They no longer share any resources. Domain-1 shows Domain-2 in the Active Directory Domains and Trusts console. Domain-2 does NOT show Domain-1 in the ADDT console. From a command prompt on the master in Domain-1, when I use the NETDOM TRUST command "netdom trust domain-1 /d:domain-2 /remove /force" I get the error: "Trust not removed! This is a parent-child trust. The parent domain could not be contacted." I can ping the other master from both masters in each domain.
Question by:taltomare
4 Comments

Accepted Solution

by:
paulhekje earned 2000 total points
ID: 20448258
A parent-child trust means that they belong to the same Active Directory forest.

You can only remove the child domain using this method:
- run dcpromo on the last DC of the child domain and remove/demote the DC.
- if the DC is not running anymore: use AD Domains and Trusts. Don't forget to clean up AD Sites and Services + DNS/WINS after removing the domain.

A parent domain cannot be removed!
You are in big trouble when no DC exists in the parent domain (call Microsoft!).
The parent domain is also called the "forest root domain".

Author Comment

by:taltomare
ID: 20449299
Is there something that I can check to see the parent-child domain setup?

Expert Comment

by:paulhekje
ID: 20450137
Easiest with AD Users and Computers: you can browse the domain hierarchy when you right-click the domain and choose "Connect to Domain".
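A scripted way to answer the question above (is this a parent-child setup, and which domain is the forest root?), added here as an example and not part of the thread: it uses the ActiveDirectory PowerShell module (Get-ADTrust needs the Windows Server 2012 or later version of the module; the older 2008 R2 module lacks it), is assumed to run with domain admin rights on a forest member, and prints every domain the forest knows about together with its parent. A domain that the forest lists but that cannot be contacted is flagged, which is the "parent domain could not be contacted" condition from the original question.

```powershell
# Added example, not code from the thread. Assumes the ActiveDirectory module
# (RSAT, Windows Server 2012+ for Get-ADTrust) and domain admin rights.
Import-Module ActiveDirectory

$forest = Get-ADForest
"Forest root domain : $($forest.RootDomain)"
"Forest mode        : $($forest.ForestMode)"
"Domains in forest  : $($forest.Domains -join ', ')"
""

# Walk every domain the forest knows about and show where it sits in the tree.
foreach ($name in $forest.Domains) {
    try {
        $d = Get-ADDomain -Identity $name -ErrorAction Stop
        $role = if ($d.DNSRoot -eq $forest.RootDomain) {
            'FOREST ROOT (cannot be removed)'
        } else {
            "child of $($d.ParentDomain)"
        }
        "{0,-30} {1}" -f $d.DNSRoot, $role
    } catch {
        # Listed in the forest but no DC answers: the orphaned-domain case
        # that makes netdom report "parent domain could not be contacted".
        "{0,-30} UNREACHABLE: {1}" -f $name, $_.Exception.Message
    }
}
""

# Trusts as seen from the domain this machine belongs to.
# IntraForest = True means a parent-child or tree-root trust, which netdom
# will refuse to remove; external/forest trusts (IntraForest = False) it can.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType, IntraForest, ForestTransitive |
    Format-Table -AutoSize
```

Run it from the domain that still shows the stale trust (Domain-1 in the question). If the other domain appears in the forest list but as UNREACHABLE, and the trust row shows IntraForest = True, you are looking at an orphaned child domain rather than a plain external trust, and the cleanup path is metadata cleanup, not netdom.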

Expert Comment

by:RetalixUSA
ID: 20908363
I just got off the phone with Microsoft support on this one and have a solution for you:

You can forcefully remove a domain trust using ntdsutil.

So here is, step by step, how to remove a domain trust forcefully:

Go to the command line:

type: ntdsutil
type: m c
type: connections
type: connect to server <dc you are on in caps>
type: q
type: s o t
type: list domains
Here you should see a list of domains with a number to the left; use the number to reference which domain you want to connect to and delete.
type: select domain <number you want to delete>
type: q
type: remove selected domain

And you're done. If it gives you an error, you can use the adsiedit.msc command to remove lost and found connections: basically look through the HUGE tree of stuff for a Lost and Found container and delete any reference to the domains you want to get rid of. Then go through ntdsutil again to try and remove it again. Good luck, I hope this helps some poor sap like I used to be!

Good luck!
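The same ntdsutil procedure ("m c" is metadata cleanup, "s o t" is select operation target), wrapped in the checks an admin would want before running a destructive metadata cleanup. This is an added example, not code from the thread or from Microsoft support: it assumes Enterprise Admin rights, the ActiveDirectory PowerShell module, and that $OrphanDomain and $DC are replaced with your own values. It refuses to touch the forest root, confirms the dead domain's crossRef still exists in the configuration partition (that is what "list domains" enumerates), and stops if any server object for that domain is still registered under CN=Sites, since "remove selected domain" fails while those remain. The only destructive call is gated behind typing YES.

```powershell
# Added example, not code from the thread. Assumes Enterprise Admin rights,
# the ActiveDirectory module, and placeholder values edited for your forest.
Import-Module ActiveDirectory

$OrphanDomain = 'child.corp.example'   # placeholder: DNS name of the dead child domain
$DC           = 'DC1'                  # placeholder: a live DC in the parent domain

$forest = Get-ADForest
$config = (Get-ADRootDSE -Server $DC).configurationNamingContext

# 1. Never run metadata cleanup against the forest root domain.
if ($OrphanDomain -eq $forest.RootDomain) {
    throw "$OrphanDomain is the forest root; it cannot be removed this way."
}

# 2. The crossRef under CN=Partitions is what ntdsutil's 'list domains' shows.
$crossRef = Get-ADObject -Server $DC -SearchBase "CN=Partitions,$config" `
    -Filter 'objectClass -eq "crossRef"' -Properties dnsRoot, nCName |
    Where-Object { $_.dnsRoot -eq $OrphanDomain }
if (-not $crossRef) {
    throw "No crossRef for $OrphanDomain in the configuration partition; nothing to clean up."
}
"Partition to remove: $($crossRef.nCName)"

# 3. Any DC still registered for that domain blocks 'remove selected domain';
#    those server objects must be demoted or cleaned with 'remove selected server' first.
$servers = Get-ADObject -Server $DC -SearchBase "CN=Sites,$config" `
    -Filter 'objectClass -eq "server"' -Properties serverReference |
    Where-Object { $_.serverReference -like "*,$($crossRef.nCName)" }
if ($servers) {
    "Server objects still reference $OrphanDomain :"
    $servers | ForEach-Object { "  $($_.DistinguishedName)" }
    throw "Clean up these server objects before removing the domain."
}

# 4. Read-only pass: ntdsutil accepts its menu commands as arguments, so this is
#    the thread's 'm c' / 'connect to server' / 's o t' / 'list domains' sequence.
ntdsutil "metadata cleanup" "connections" "connect to server $DC" "quit" `
         "select operation target" "list domains" "quit" "quit" "quit"

# 5. Destructive step, only after an explicit YES. The number comes from the
#    'list domains' output above, exactly as in the thread's manual procedure.
$n = Read-Host "Domain number for $OrphanDomain from the list above (blank to abort)"
if ($n -match '^\d+$' -and (Read-Host "Remove domain #$n ($OrphanDomain)? Type YES") -eq 'YES') {
    ntdsutil "metadata cleanup" "connections" "connect to server $DC" "quit" `
             "select operation target" "select domain $n" "quit" `
             "remove selected domain" "quit" "quit"
}
```

Afterwards, as the accepted answer says, still clean up DNS/WINS records and any leftover site links for the removed domain; metadata cleanup only removes the directory's knowledge of the domain partition, not name-resolution records that point at its old DCs.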