Trust between 2 domains fails because of remnants from an old SBS 2003 server no longer exists

Hello,

I am trying to create a one-way external trust between two different ADs.  However, it is failing with the message:

The operation failed.  The error is: This operation is not supported on a computer running Windows Server 2003 for Small Business Server

There is no longer an SBS 2003 server in our environment.  We did a migration 4 years ago to SBS 2008.  This past year we migrated to Server 2008 Standard.  We build a new PDC and BDC.  The PDC has the same name as the old SBS 2003 server.  We haven't removed the SBS 2008 server and it is still a domain controller but not the operations master.  The SBS 2003 was never cleanly removed from AD because of a hardware issue.

It has now come back to haunt us.  Is there a way to remove the remnants of the SBS 2003 server from AD so that the trust can be established?

A one-way trust (internal) has been created from extranet Server 2012 AD to internal AD server 2008 successfully

A one-way trust (external) has not been created from Internal AD to Extranet AD due to error above.


If there are step by step instructions, it would be truly appreciated.  

Thank You
Gary-Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
I would start by using NTdsutil to see if you have any metadata to cleanup.

NTdsutil: http://www.msserverpro.com/metadata-cleanup-using-ntdsutil-in-windows-server-2008-r2/

I would also check your event logs as well to ensure that you are getting no errors. If you can post them here.


Also it appears that if you are using SBS 2003 or 2008 Forest Trust is not supported. Which is why you are receiving the error message.

http://social.technet.microsoft.com/Forums/en-US/e29653be-edd3-4603-b956-5fdc5614fe70/sbs-2003-trust-relationship-with-server-2008-r2?forum=smallbusinessserver

http://social.technet.microsoft.com/Forums/windowsserver/en-US/f1192589-3e57-430b-b328-96a53dc9e6ae/domain-trust-relationships-in-windows-small-business-server-2011?forum=winservergen

Thanks

Will.
0
Gary-Author Commented:
Thanks Will, there was nothing in the Event logs pertaining to this.

We do not have a SBS 2003 server anymore.  Our internal domain controllers are Server 2008 Standard and we have one SBS 2008 server that is slated for removal once the user shares are migrated.  I looked at NTdsutil however; the new domain controller has the same name as the non-existent SBS2003 server.  So I can't remove the servername.  Is there something specific to SBS2003 that I need to delete?
0
Cliff GaliherCommented:
You will not be able to establish a trust as long as that SBS 2008 Server exists.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Gary-Author Commented:
Can I demote so its not a DC and would that solve the issue?
0
Cliff GaliherCommented:
No. SBS has all of the same licensing requirements in 2008 as it did in 2003.
0
Will SzymkowskiSenior Solution ArchitectCommented:
I would also check the DNS _msdcs and make sure that all of your SRV records are pointing to actual domain controllers that exists. If there are entries listed in there that shouldn't be they can simply be removed.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.