How to Remove a Trust Relationship for a Domain That Is Not Present

ID: Q235641

The information in this article applies to:

Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Server
Microsoft Windows NT Server versions 4.0 SP4, 4.0 SP5

SUMMARY

Windows 2000 domains can create trust relationships with any domain in or outside the forest to provide access to resources. "Stale" trusts may be left behind in the process of removing domains. These can cause Netlogon messages to be logged in Event Viewer on the domain that is still present.

MORE INFORMATION

You can use the Trustdom tool from the Windows 2000 Resource Kit to administer trust relationships. To remove a trust that is no longer present, use the following command

trustdom DOM1,DOM2 -untrust -force -debug

where DOM1 is the domain that is present (the one you are currently administering). This command does not succeed if the non-existing domain is used as DOM1. Even with the -force option, you receive an LSA error message. DOM2 is the domain that is no longer present.

NOTE: Trustdom.exe can be used only from Windows 2000.

To verify that the trust relationship was removed, list your present trust relationships using the following command:

trustdom DOM2 -list

Additional query words:

Keywords : kbtool ntdomain
Version : WINDOWS:2000; winnt:4.0 SP4,4.0 SP5
Platform : WINDOWS winnt
Issue type : kbhowto