locked
Trying to remove External Trust RRS feed

  • Question

  • I'm trying to remove an external 2-way trust that is no longer needed. When I highlight the domain to be remove and click "remove" I'm prompted with the following message "To complete this operation, you must log onto domain 123.com as a user with permission to modify trusts". There is no option to just remove the trust on the local domain.
    Thursday, July 17, 2014 7:38 PM

Answers

  • Hello,

    have you followed the article steps as mentioned earlier in this thread using ADSIEDIT to cleanup?


    Best regards

    Meinolf Weber

    MVP, MCP, MCTS

    Microsoft MVP - Directory Services

    My Blog: http://blogs.msmvps.com/MWeber

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Twitter:  

    • Marked as answer by Vivian_Wang Tuesday, August 12, 2014 2:04 AM
    Thursday, August 7, 2014 7:38 AM

All replies

  • Hello,

    why not using an account from the other domain as ordered?

    If the domain doesn't exist anymore please see http://support.microsoft.com/kb/235416/en-us http://social.technet.microsoft.com/Forums/windowsserver/en-US/3eccd491-3152-4f38-8295-608cad139f3f/old-domain-trusts-still-showing-up-on-2008-r2-dc?forum=winserverDS


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.


    Thursday, July 17, 2014 7:47 PM
  • Sorry forgot to mention I have no account for that domain.
    Thursday, July 17, 2014 7:50 PM
  • Hello,

    then contact them.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Thursday, July 17, 2014 8:35 PM
  • Hi,

    Did you try to use the following command to remove the trust:

    netdom trust <domain> /Domain:<orphaned domain> /Oneside:trusted /remove /force

    And what is the result?

    Regards.


    Vivian Wang

    Monday, July 21, 2014 6:43 AM
  • Hi,

    Any update?

    Regards.


    Vivian Wang

    Monday, July 28, 2014 8:38 AM
  • When I enter the command:

    netdom trust xxx.com /domain:123.com /oneside:trusted /remove /force

    I get Logon failure: unknown user name or bad password.

    Looks like its still looking for credentials from 123.com domain even though the removal is onesided (local domain) only.

    Monday, August 4, 2014 1:37 PM
  • Hi,

    When you choose remove the trust from both the local domain and the other domain.

    You need to type a user account and password with administrative credentials for the reciprocal domain.

    If you choose remove the trust from the local domain only.

    You need to repeat this procedure for the reciprocal domain.

    So you need the credentials from 123.com.

    Regards.


    Vivian Wang

    Wednesday, August 6, 2014 7:58 AM
  • Vivian,

    I understand. But when I click remove, I'm not getting the option to select No, remove the trust from the local domain only. Instead it brings up a login prompt with the message "To complete this operation, you must log onto domain 123.com as a user with permission to modify trusts". I've spoken to the Admin for the 123.com domain and it looks like they've already remove the trust from their end.

    Wednesday, August 6, 2014 3:24 PM
  • Hello,

    have you followed the article steps as mentioned earlier in this thread using ADSIEDIT to cleanup?


    Best regards

    Meinolf Weber

    MVP, MCP, MCTS

    Microsoft MVP - Directory Services

    My Blog: http://blogs.msmvps.com/MWeber

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Twitter:  

    • Marked as answer by Vivian_Wang Tuesday, August 12, 2014 2:04 AM
    Thursday, August 7, 2014 7:38 AM