Trust between 2 domains fails because of remnants from an old SBS 2003 server that no longer exists


I am trying to create a one-way external trust between two different ADs.  However, it is failing with the message:

The operation failed.  The error is: This operation is not supported on a computer running Windows Server 2003 for Small Business Server

There is no longer an SBS 2003 server in our environment.  We did a migration 4 years ago to SBS 2008.  This past year we migrated to Server 2008 Standard.  We built a new PDC and BDC.  The PDC has the same name as the old SBS 2003 server.  We haven't removed the SBS 2008 server and it is still a domain controller but not the operations master.  The SBS 2003 was never cleanly removed from AD because of a hardware issue.

It has now come back to haunt us.  Is there a way to remove the remnants of the SBS 2003 server from AD so that the trust can be established?

A one-way trust (internal) has been created from extranet Server 2012 AD to internal AD server 2008 successfully

A one-way trust (external) has not been created from Internal AD to Extranet AD due to error above.

If there are step by step instructions, it would be truly appreciated.  

Thank You
Cliff Galiher Commented:
You will not be able to establish a trust as long as that SBS 2008 Server exists.
Will Szymkowski, Senior Solution Architect, Commented:
I would start by using NTdsutil to see if you have any metadata to clean up.


I would also check your event logs as well to ensure that you are getting no errors. If you can, post them here.

Also, it appears that if you are using SBS 2003 or 2008, Forest Trust is not supported, which is why you are receiving the error message.


Gary-Author Commented:
Thanks Will, there was nothing in the Event logs pertaining to this.

We do not have an SBS 2003 server anymore.  Our internal domain controllers are Server 2008 Standard and we have one SBS 2008 server that is slated for removal once the user shares are migrated.  I looked at NTdsutil; however, the new domain controller has the same name as the non-existent SBS2003 server.  So I can't remove the servername.  Is there something specific to SBS2003 that I need to delete?

Gary-Author Commented:
Can I demote so it's not a DC and would that solve the issue?
Cliff Galiher Commented:
No. SBS has all of the same licensing requirements in 2008 as it did in 2003.
Will Szymkowski, Senior Solution Architect, Commented:
I would also check the DNS _msdcs and make sure that all of your SRV records are pointing to actual domain controllers that exist. If there are entries listed in there that shouldn't be, they can simply be removed.
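
The _msdcs check suggested above can be scripted as a read-only report; this is an added example, not part of the original thread or any poster's own code. It assumes a management host with the ActiveDirectory (RSAT) and DnsClient modules (Windows 8 / Server 2012 or later) that uses the domain's DNS servers, and the three record names checked are a chosen subset of the DC locator records.

```powershell
# Added example: list DC locator SRV records under _msdcs and flag targets
# that are not domain controllers known to AD or that no longer resolve.
# Read-only: it reports, it does not delete anything.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot

# Host names of the domain controllers AD currently lists
$liveDcs = Get-ADDomainController -Filter * |
    ForEach-Object { $_.HostName.ToLower().TrimEnd('.') }

# Locator records to inspect (domain-wide LDAP, Kerberos, PDC emulator)
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$domain",
    "_kerberos._tcp.dc._msdcs.$domain",
    "_ldap._tcp.pdc._msdcs.$domain"
)

$report = foreach ($name in $srvNames) {
    # Keep only SRV answers; the response may also carry A records
    $answers = Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.NameTarget }

    foreach ($rec in $answers) {
        $target = $rec.NameTarget.ToLower().TrimEnd('.')
        [pscustomobject]@{
            SrvRecord = $name
            Target    = $target
            Port      = $rec.Port
            KnownDC   = $liveDcs -contains $target
            Resolves  = [bool](Resolve-DnsName -Name $target -Type A -DnsOnly -ErrorAction SilentlyContinue)
        }
    }
}

# Full listing, then only the entries that need a closer look
$report | Sort-Object SrvRecord, Target | Format-Table -AutoSize
$report | Where-Object { -not $_.KnownDC -or -not $_.Resolves } |
    Format-Table -AutoSize
```

Because the new domain controller in this thread reuses the old SBS 2003 server's name, a record left over from the old server would still show `KnownDC = True`; a name match here does not prove the record belongs to the current machine.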
Question has a verified solution.
