Problems with trust removal

  • Question

  • Hi All

    I hope that someone can help me with the following issue

    Last week we removed the trust between 2 domains, and everything went smoothly.

    But today I checked on one of my domain controllers, Windows 2008 R2 (forest level Windows 2008 R2, domain level Windows 2008 R2), with the command netdom query trust and I see the following error:

    The old trusted domain still exists but received error "The system cannot find the file specified"

    Also with nltest the trust is still visible.

    Afterwards I checked with ntdsutil whether I can remove the trust, but the trust is not visible.

    I also checked with adsiedit, and in adsiedit the trust isn't visible either.

    I hope that someone can help me to remove this trust

    Regards

    Friday, November 12, 2010 12:29 PM

Answers

  • OK, here are some thoughts on getting started

    Load your server tools and start up LDP (As an administrator if using Vista/Win7/Server 2008)

    Connect and bind as an admin

    Select Browse from the menu and then click on the search option

    Base DN = CN=Schema,CN=Configuration,dc=yourDomainName,dc=com

    Filter = (adminDescription=*Trust*)

    Scope = SubTree

    Attributes = ldapdisplayname

    This should return a list of schema objects and I think that you will want to search on trustedDomain

    +++++++++++++++++++++++++++++++++++++++

    Start a new search

    Base DN = dc=yourDomain,dc=com

    Filter = (trustedDomain=?????)   ?????? = the domain you are looking to remove

    Scope = subTree

    Attributes = *

    ++++++++++++++++++++++++++++++++++++++++

    Try the second search again with the BaseDN = cn=configuration,dc=yourdomain,dc=com

     

    This hopefully will find the objects you are looking for.  If not, review the other schema attributes returned and search on those.

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs

    Please no e-mails, any questions should be posted in the NewsGroup. This
    posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, November 18, 2010 1:10 PM
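
The three LDP searches from the answer above, as a read-only PowerShell script. This is an added example, not part of the original post. It assumes a domain-joined machine and an account with read access; `old.example.com` is a placeholder for the removed domain, and `(objectClass=trustedDomain)` is one reading of "search on trustedDomain", since trustedDomain is a schema class.

```powershell
# Added example, read-only: the LDP searches as DirectorySearcher queries.
# 'old.example.com' is a placeholder for the removed domain's DNS name.
param([string]$Partner = 'old.example.com')

function Search-Directory {
    param([string]$BaseDN, [string]$Filter, [string[]]$Attributes)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]"LDAP://$BaseDN"
    $searcher.Filter      = $Filter
    $searcher.SearchScope = 'Subtree'
    $searcher.PageSize    = 500
    $searcher.PropertiesToLoad.AddRange($Attributes)
    $results = $searcher.FindAll()
    foreach ($r in $results) {
        $row = @{ Path = $r.Path }
        foreach ($a in $Attributes) {
            # Result property names are stored lower-case.
            $values  = $r.Properties[$a.ToLower()]
            $row[$a] = ($values | ForEach-Object { "$_" }) -join ';'
        }
        New-Object PSObject -Property $row
    }
    $results.Dispose()
}

$root = [ADSI]'LDAP://RootDSE'

# Search 1: schema objects whose adminDescription mentions trusts.
Search-Directory ([string]$root.schemaNamingContext) `
    '(adminDescription=*Trust*)' @('lDAPDisplayName') |
    Format-Table lDAPDisplayName, Path -AutoSize | Out-Host

# Searches 2 and 3: every trustedDomain object in the domain partition,
# then in the configuration partition, flagging the removed partner.
# trustDirection: 1 = inbound, 2 = outbound, 3 = bidirectional.
$attrs = 'trustPartner', 'flatName', 'trustDirection', 'trustType', 'whenChanged'
foreach ($nc in $root.defaultNamingContext, $root.configurationNamingContext) {
    Write-Host "Base DN: $nc"
    Search-Directory ([string]$nc) '(objectClass=trustedDomain)' $attrs |
        Select-Object @{ n = 'IsRemovedPartner'; e = { $_.trustPartner -eq $Partner } }, * |
        Format-List | Out-Host
}
```

The script only reads. Any object it flags still has to be reviewed before it is deleted.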

All replies

  • Hello,

    please see the answer in:

    http://social.technet.microsoft.com/Forums/en-GB/winservergen/thread/38f3251e-d71e-4646-b1b2-1b266b241cad


    Best regards
    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Friday, November 12, 2010 5:12 PM
  • Thx Meinolf

    But this doesn't help me

    It's driving me mad

     

    Regards 

    Tuesday, November 16, 2010 4:09 PM
  • Does anybody else have a solution?

    Thx in advance

    Regards

     

     

    Wednesday, November 17, 2010 12:47 PM
  • So what did you search for while using LDP?  This should allow you to track down the orphaned objects.  Can you tell us the searches you may have done, or are you saying that it doesn't help you because you don't know what to search for?

     

    --
    Paul Bergson

    Wednesday, November 17, 2010 12:55 PM
  • Thx Pbbergs

    Indeed, I don't know how to use LDP to search for the orphaned objects

    I hope you can help me with this

    Regards

    Wednesday, November 17, 2010 4:08 PM