Cannot remove a trusted domain.

I have a problem removing a domain trust created before I took over the IT postion.  So I'm not sure how or when it was created.  There are two domains on the same subnet.  They no longer share any rescoures.  Domain-1 shows Domain-2 in the Active Directory Domains and Trust console.  Domain-2 does NOT show Domain-1 in the ADDT console.  From a command prompt on the master in Domain-1 when I use the NETDOM TRUST command: "netdom trust domain-1/ d:domain-2 /remove /force" I get the error: "Trust not removed! This is a parent-child trust. The parent domain could not be contacted."  I can ping the other master from both masters in each domain.
taltomareAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

paulhekjeCommented:
a parent-child trust means that they belong to the same Active Directory forest.

You can only remove the child domain using method:
- run dcpromo on the last dc of the child domain and remove/demote the dc.
- if the dc is not running anymore: use AD domains and trusts. Don't forget to clean up AD sites and service + DNS/Wins after removing the domain.

A parent domain cannot be removed!
You have big troubles when no dc exists in the parent domain (call Microsoft! )
the parent domain is also called "forest root domain"
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
taltomareAuthor Commented:
Is there something that I check to see the parent-child domain setup?
0
paulhekjeCommented:
easiest with ad users/computers, you can browse the domain hierarchy when you rightclick the domain and choose "connect to domain"
0
RetalixUSACommented:
I just got off the phone with Microsoft support on this one and have a solution for you:

You can forcefully remove a domain trust using the ntdsutil

so here is step by step how to remove a domain trust forcefully:

goto command line:

type: ntdsutil
type: m c
type: connections
type: connect to server <dc you are on in caps>
type: q
type: s o t
type: list domains
here you should see a list of domains with a number to the left, use the number to reference which domain you want to connect to and delete
type: select domain <number you want to delete>
type: q
type: remove selected domain

And your done.  If it gives you an error you can use the adsiedit.msc command to remove a lost and found connections, basically look through the HUGE tree of stuff for a lost and found and delete any reference to the domains you want to get rid of.  Then go through the ntdsutil again to try and remove it again.  Good luck, I hope this helps some poor sap like I used to be!

Good luck!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.