Solved

Cannot remove a trusted domain.

Posted on 2007-12-04
Last Modified: 2013-12-05
I have a problem removing a domain trust created before I took over the IT position, so I'm not sure how or when it was created.  There are two domains on the same subnet.  They no longer share any resources.  Domain-1 shows Domain-2 in the Active Directory Domains and Trust console.  Domain-2 does NOT show Domain-1 in the ADDT console.  From a command prompt on the master in Domain-1, when I use the NETDOM TRUST command: "netdom trust domain-1 /d:domain-2 /remove /force" I get the error: "Trust not removed! This is a parent-child trust. The parent domain could not be contacted."  I can ping the other master from both masters in each domain.
Question by:taltomare

Accepted Solution

by:
paulhekje earned 500 total points
ID: 20448258
A parent-child trust means that they belong to the same Active Directory forest.

You can only remove the child domain, using one of these methods:
- Run dcpromo on the last DC of the child domain and remove/demote the DC.
- If the DC is not running anymore: use AD Domains and Trusts. Don't forget to clean up AD Sites and Services + DNS/WINS after removing the domain.

A parent domain cannot be removed!
You have big troubles when no DC exists in the parent domain (call Microsoft!).
The parent domain is also called the "forest root domain".

Author Comment

by:taltomare
ID: 20449299
Is there something that I can check to see the parent-child domain setup?

Expert Comment

by:paulhekje
ID: 20450137
Easiest with AD Users/Computers: you can browse the domain hierarchy when you right-click the domain and choose "Connect to domain".

Expert Comment

by:RetalixUSA
ID: 20908363
I just got off the phone with Microsoft support on this one and have a solution for you:

You can forcefully remove a domain trust using ntdsutil.

So here is, step by step, how to remove a domain trust forcefully:

Go to the command line:

type: ntdsutil
type: m c
type: connections
type: connect to server <dc you are on in caps>
type: q
type: s o t
type: list domains
here you should see a list of domains with a number to the left, use the number to reference which domain you want to connect to and delete
type: select domain <number you want to delete>
type: q
type: remove selected domain

And you're done.  If it gives you an error, you can use the adsiedit.msc command to remove lost and found connections; basically, look through the HUGE tree of stuff for a lost and found and delete any reference to the domains you want to get rid of.  Then go through ntdsutil again to try to remove it again.  Good luck, I hope this helps some poor sap like I used to be!

Good luck!
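
A read-only way to see how the domains in this thread are related, and which domain entry a cleanup would touch, before anything is removed. This is an added example, not part of the original posts; it assumes the ActiveDirectory PowerShell module (RSAT, Windows Server 2012 or later for Get-ADTrust) and reads the crossRef objects that the "list domains" step in ntdsutil enumerates.

```powershell
# Added example (not from the thread). Read-only: it changes nothing in AD.
# Assumes the ActiveDirectory module (RSAT) and a reachable DC in your domain.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
"Forest root domain: $((Get-ADForest).RootDomain)"

# Domain partitions are crossRef objects with systemFlags bit 0x2 set
# (bitwise-AND matching rule 1.2.840.113556.1.4.803).
$crossRefs = Get-ADObject -SearchBase "CN=Partitions,$configNC" `
    -LDAPFilter '(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=2))' `
    -Properties nCName, dnsRoot, trustParent

$report = foreach ($cr in $crossRefs) {
    # trustParent holds the DN of the parent domain's crossRef; empty for a tree root.
    $parent = $crossRefs | Where-Object { $_.DistinguishedName -eq $cr.trustParent }

    # Writable DCs: NTDS Settings objects that hold this domain partition.
    $dsas = @(Get-ADObject -SearchBase "CN=Sites,$configNC" `
        -LDAPFilter "(&(objectClass=nTDSDSA)(hasMasterNCs=$($cr.nCName)))")

    [pscustomobject]@{
        Domain      = [string]$cr.dnsRoot
        Parent      = if ($parent) { [string]$parent.dnsRoot } else { '(none)' }
        WritableDCs = $dsas.Count
        # Each NTDS Settings object sits under CN=<server>; show those names.
        DCNames     = ($dsas | ForEach-Object {
                          ($_.DistinguishedName -split ',')[1] -replace '^CN='
                      }) -join ', '
    }
}
$report | Format-Table -AutoSize

# Trust objects seen from the current domain. IntraForest = True means the
# partner is in this forest (parent-child or tree-root), not an external trust.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType, IntraForest |
    Format-Table -AutoSize
```

A domain listed with a Parent value and one or more writable DCs is a live member of the forest, so removing its entry removes the domain from the forest rather than just a trust. An entry with zero writable DCs is the orphaned case that metadata cleanup is meant for.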