none
Divorce forest root domain and tree domain

    Question

  • Hi, everyone!

    I have a task to divorce forest root domain and tree domain united with forest root trust. Not a child domain.

    Child company has been sold, and I need to cut off tree domain of this company without stoping they AD infrastructure.

    At console "Active Directory - Domains and Trusts" button to remove relationship not active.

    I run commands:

    netdom trust TreeDomain.local /d:ForestRootDomain.local /remove /UserD:ForestRootDomain.local\SchemaAdmin /PasswordD:P@$$w0rd

    netdom trust ForestRootDomain.local /d:TreeDomain.local /remove /UserD:ForestRootDomain.local\SchemaAdmin  /PasswordD:P@$$w0rd

    ...and Tree Root Trust is removed, but in the AD of TreeDomain.local still exist links to ForestRootDomain.local, that seems not a correct divorce.

    Have anyone correct manual for case like that?

    Thank you!


    • Edited by SKaDT Wednesday, November 01, 2017 5:21 PM
    Wednesday, November 01, 2017 5:08 PM

All replies

  • You can delete the TreeDomain.local and stay with only ForestRootDomain.local.

    But you CANNOT delete the trust and hope to use both domain separately.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Wednesday, November 01, 2017 7:09 PM
  • Hi,
    If I understand correctly, what you want is to separate domain tree from root forest, in this case, you can use the Active Directory Migration Tool (ADMT) to perform object migrations and security translation as necessary so that users can maintain access to network resources during the migration process. 
    For more information please refer to following MS articles:
    ADMT Guide: Migrating and Restructuring Active Directory Domains
    http://technet.microsoft.com/en-us/library/cc974332(v=WS.10).aspx
    Interforest Active Directory Domain Restructure
    http://technet.microsoft.com/en-us/library/cc974335(v=ws.10).aspx
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, November 06, 2017 5:00 AM
    Moderator
  • I believe forest-level objects, like Enterprise Admins and Schema Admins groups are in the root domain, so you cannot divorce it.
    Tuesday, November 07, 2017 12:26 AM
  • 

    Hi,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 10, 2017 8:21 AM
    Moderator
  • 

    Hi,

    Was your issue resolved? If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions. If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, November 13, 2017 7:48 AM
    Moderator