How Do I Remove Broken or Stale Trust Relationships between Two Domains?

Question
-
Hello All,
I came new into an existing AD environment. I wish to know the procedure by which I can remove all broken or stale Active Directory Trust Relationship between two domains.
I am getting errors in SCOM (AD Monitor Trust) on some DCs stating: The trusts between this domain(my domain) and the following domains(s) are in an error state: external-domain(inbound), the error is: The specified domain either does not exist or could not be contacted. (0x54B)
I don't want to set overrides but I just want to spot all these broken trusts and flush them from AD.
Thanks.
- Changed type Cicely Feng Friday, November 9, 2012 4:51 AM
Thursday, November 8, 2012 5:29 PM
Answers
-
You can also remove trust using adsiedit.msc tool. If you are comfortable, you can use netdom tool.
Open adsiedit.msc > Expand the Domain NC container > Expand DC=Your Domain, DC=COM > Expand CN=System
Right-click the Trust Domain object, and then click Delete.
netdom trust domain.com /Domain:domain.com /Oneside:trusted /remove /force
Awinish Vishwakarma - MVP
My Blog: awinish.wordpress.com
Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.
- Marked as answer by Cicely Feng Monday, November 19, 2012 9:10 AM
Friday, November 9, 2012 9:25 AM
-
Hi,
See this:
Managing Trusts
http://technet.microsoft.com/en-us/library/bb727050.aspx
Best regards,
Abhijit Waikar.
MCSA | MCSA:Messaging | MCITP:SA | MCC:2012
Blog: http://abhijitw.wordpress.com
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.
- Proposed as answer by Cicely Feng Friday, November 9, 2012 4:55 AM
- Marked as answer by Cicely Feng Monday, November 19, 2012 9:10 AM
Thursday, November 8, 2012 5:49 PM
-
Refer to http://technet.microsoft.com/en-us/library/cc782416(v=ws.10).aspx
hth
Marcin
- Proposed as answer by Cicely Feng Friday, November 9, 2012 4:55 AM
- Marked as answer by Cicely Feng Monday, November 19, 2012 9:10 AM
Thursday, November 8, 2012 5:51 PM
-
Hi,
Netdom trust command could be used to verify and remove trust relationship between domains:
http://technet.microsoft.com/en-us/library/cc835085(v=ws.10).aspx
Regards,
Cicely
- Marked as answer by Cicely Feng Monday, November 19, 2012 9:10 AM
Friday, November 9, 2012 4:56 AM
-
Remove the trust from AD domain & trust console, delete the trust. You can also remove trust information from the ADSIEDIT.MSC tool as below.
If the stale trustDomain object is still present in AD, you can manually remove the TDO this way - use ADSIEdit to delete the trustDomain object for the child. To do this, follow these steps:
Click Start, click Run, type adsiedit.msc, and then click OK.
Expand the Domain NC container.
Expand DC=Your Domain, DC=COM
Expand CN=System.
Right-click the Trust Domain object, and then click Delete.
Let me know if this resolves your issue!
You can also use netdom command to remove the same.
http://technet.microsoft.com/en-us/library/cc776286(v=ws.10).aspx
Refer to the link below for manual removal of the no longer existing trust.
http://support.microsoft.com/kb/235416
Hope this helps
Best Regards,
Sandesh Dubey.
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
- Marked as answer by Cicely Feng Monday, November 19, 2012 9:10 AM
Friday, November 9, 2012 5:43 AM
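A read-only way to spot candidate stale trusts before deleting anything with ADSI Edit or netdom as the answers above describe. This is an added example, not code from any poster in this thread; it assumes the ActiveDirectory and DnsClient PowerShell modules are available, and the function names Get-TrustDirectionName and Get-TrustAudit are hypothetical.

```powershell
# Added example: read-only audit of trustedDomain objects (TDOs) under CN=System.
# It deletes nothing. Assumes the ActiveDirectory RSAT module and Resolve-DnsName.
Import-Module ActiveDirectory

function Get-TrustDirectionName {
    param([int]$Value)
    # Values of the trustDirection attribute on a trustedDomain object.
    switch ($Value) {
        0 { 'Disabled' }
        1 { 'Inbound' }
        2 { 'Outbound' }
        3 { 'Bidirectional' }
        default { "Unknown ($Value)" }
    }
}

function Get-TrustAudit {
    $domainDn = (Get-ADDomain).DistinguishedName
    # Same container the ADSI Edit steps navigate to: CN=System,DC=...
    $tdos = Get-ADObject -SearchBase "CN=System,$domainDn" -SearchScope OneLevel `
        -LDAPFilter '(objectClass=trustedDomain)' `
        -Properties trustPartner, trustDirection, whenChanged

    foreach ($tdo in $tdos) {
        # If no DC locator SRV record resolves for the partner, this DC has no
        # way to find it, which is consistent with the 0x54B error in the alert.
        $locatable = $true
        try {
            Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($tdo.trustPartner)" `
                -Type SRV -ErrorAction Stop | Out-Null
        } catch {
            $locatable = $false
        }
        [pscustomobject]@{
            Partner           = $tdo.trustPartner
            Direction         = Get-TrustDirectionName $tdo.trustDirection
            LastChanged       = $tdo.whenChanged
            PartnerLocatable  = $locatable
            DistinguishedName = $tdo.DistinguishedName
        }
    }
}

# Partners that cannot be located sort first.
Get-TrustAudit | Sort-Object PartnerLocatable, Partner | Format-Table -AutoSize
```

A False in PartnerLocatable is a reason to investigate, not proof that the trust is stale: a broken conditional forwarder gives the same result, and downlevel trusts store a NetBIOS name in trustPartner, so the SRV lookup does not apply to them. Confirm with the domain's owners before removing the object.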
All replies
-
I am going to start all these processes .. Thanks guys.
I would revert to let you know how it goes.
Thanks once again.
Monday, November 12, 2012 12:36 PM
-
Hi Folks,
I have a similar issue where I joined a company where the previous sysad had shut down and removed the old domain, then used AD Domain and Trusts to remove the trust from the remaining domain.
However, SCOM is reporting the same problem as this poster.
In AD Domains and Trusts there are no domains showing. If I run "netdom query trust" I can see the old domain still listed as a Direct Trusted Type.
All attempts to remove this have failed. I keep seeing "the specified domain either does not exist or could not be contacted"
I have attempted pretty much every variance of "netdom trust"
I also keep seeing "The system cannot find the file specified" when I try to run this.
ADSIEdit does not show this trust.
Has anyone come across this problem before?
Thanks,
Chris.
Tuesday, July 2, 2013 5:27 AM
-
Please open a new thread as this one has been marked as answered and activity on it will be low.
--
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs
http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.
Tuesday, July 2, 2013 11:58 AM