parent - child domain : removing trust from child to parent

We have 1 parent domain and 1 child domain, same forest. I'd like to manage the child domain from the parent domain, not the other way around, from the child to the parent. So I want to prohibit the child domain from accessing shares etc. on the parent domain. I think it has to do with the 2-way transitive trust. But it is likely not that easy to remove that 2-way trust and replace it with a 1-way trust relationship. In 'Domains and Trusts' the remove button is always greyed out. I have administrator rights on the parent domain and on the child domain.
Can I realize this? And how?

Many thanks for your effort.

Krzysztof Pytko, Senior Active Directory Engineer, Commented:
Open Active Directory Domains and Trusts, select root domain and choose properties. Go to "trusts" tab. But when you remove child domain from that tab you can experience some replication problems.
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
Because you can't do that. From 2003 parent-child domain has auto trust and you cannot break it.
I would not remove the trust, especially if it has been in place for a while; you will have some major issues with access, replication, and other unforeseen issues. If you are only concerned about being able to access shares and other resources, make sure only certain groups/users have access and enable auditing so that you can monitor if someone changes it.
"When a child domain is added to an existing tree domain, a two-way, transitive parent and child trust is established by default."
BERTLEEMAN, Author, Commented:
Okay, that is all understandable. But what can I do to have a parent domain? And I want a child domain that can be managed by the parent domain. And the child domain may not see any resources, shares, ... of the parent domain?

tx for your knowledge.
Since you cannot break the transitive trust (and I think, not recommendable too...) between them, it is not possible.

For shares, or something like that, you just can limit the access by permission. This is the easiest way.

Else, you can just build another forest and enable a one-way trust between the forests. But sincerely I don't know how your company is defined (in terms of constitution, topology, naming....)...
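
The permission-based approach suggested in the answers above depends on knowing which parent-domain shares child-domain users can already reach. The following is an added example, not code from any participant in this thread: inside one forest, `Everyone` and `Authenticated Users` include child-domain accounts, so the script flags Allow entries for those groups or for explicit child-domain principals at both the share and NTFS layer. It assumes Windows Server 2012 or later (the SmbShare module), and `CHILD` is a placeholder for the child domain's NetBIOS name.

```powershell
# Added example: run on a parent-domain file server (Windows Server 2012+).
param([string]$ChildDomain = 'CHILD')   # placeholder NetBIOS name of the child domain

# Well-known SIDs whose membership includes every user in the forest,
# child-domain users included. SIDs avoid localized group names.
$broadSids = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users' }

function Test-ReachableFromChild {
    param([string]$Account)
    if ($Account -like "$ChildDomain\*") { return $true }   # explicit child principal
    try {
        $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        return $false   # orphaned or unresolvable entry
    }
    return $broadSids.ContainsKey($sid)
}

$findings = foreach ($share in Get-SmbShare -Special $false) {
    # Layer 1: share-level permissions
    foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
        if ("$($ace.AccessControlType)" -eq 'Allow' -and (Test-ReachableFromChild $ace.AccountName)) {
            [pscustomobject]@{ Share = $share.Name; Layer = 'Share'
                               Account = $ace.AccountName; Rights = "$($ace.AccessRight)" }
        }
    }
    # Layer 2: NTFS permissions on the shared folder itself
    if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
        foreach ($ace in (Get-Acl -LiteralPath $share.Path).Access) {
            $name = $ace.IdentityReference.Value
            if ($ace.AccessControlType -eq 'Allow' -and (Test-ReachableFromChild $name)) {
                [pscustomobject]@{ Share = $share.Name; Layer = 'NTFS'
                                   Account = $name; Rights = "$($ace.FileSystemRights)" }
            }
        }
    }
}

$findings | Sort-Object Share, Layer | Format-Table -AutoSize
```

A share is reachable from the child domain only when both layers allow it, so a share that appears under both `Share` and `NTFS` is the one to tighten first. Only the ACL on the share root is checked; subfolders with broken inheritance need a separate pass.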

Darius Ghassem Commented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.