Recipe 2.22 Removing a Trust

2.22.1 Problem

You want to remove a trust. This is commonly done when the remote domain has been decommissioned or access to it is no longer required.

2.22.2 Solution

2.22.2.1 Using a graphical user interface
  1. Open the Active Directory Domains and Trusts snap-in.

  2. In the left pane, right-click on the trusting domain and select Properties.

  3. Click the Trusts tab.

  4. Click on the domain that is associated with the trust you want to remove.

  5. Click the Remove button.

  6. Click OK.

2.22.2.2 Using a command-line interface
> netdom trust <TrustingDomain> /Domain:<TrustedDomain> /Remove /verbose
    [/UserO:<TrustingDomainUser> /PasswordO:*]
    [/UserD:<TrustedDomainUser> /PasswordD:*]

2.22.2.3 Using VBScript
' This code deletes a trust in the specified domain.
' ------ SCRIPT CONFIGURATION ------
' Set to the DNS or NetBIOS name for the Windows 2000,
' Windows NT domain or Kerberos realm trust you want to delete.
strTrustName = "<TrustName>"
' Set to the DNS name of the source or trusting domain
strDomain    = "<DomainDNSName>"
' ------ END CONFIGURATION ---------

set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")

' Delete the trustedDomain object from the System container
set objTrust = GetObject("LDAP://cn=System," & _
                         objRootDSE.Get("defaultNamingContext") )
objTrust.Delete "trustedDomain", "cn=" & strTrustName

' Delete the trust's user object (named <TrustName>$) from the Users container.
' The class passed to Delete must match the object, which is a user.
set objTrustUser = GetObject("LDAP://cn=Users," & _
                             objRootDSE.Get("defaultNamingContext") )
objTrustUser.Delete "user", "cn=" & strTrustName & "$"

WScript.Echo "Successfully deleted trust for " & strTrustName

2.22.3 Discussion

Trusts are stored in Active Directory as two objects: a trustedDomain object in the System container and a user object in the Users container. Both objects must be removed when deleting a trust. The GUI and CLI solutions take care of that in one step, but the VBScript example has to delete each object explicitly. Note also that each solution deletes only one side of the trust. If the trust is to a remote AD forest or NT 4.0 domain, you also need to delete the trust in that domain.
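
The following PowerShell audit is an added example, not code from the book. It looks for leftovers of a partially removed trust by pairing each trustedDomain object in the System container with its <name>$ account in the Users container. It assumes the ActiveDirectory module (RSAT) is installed, that trust accounts carry the interdomain-trust bit (0x800) in userAccountControl, and that only trusts with an inbound direction have such an account. <DomainDNSName> is a placeholder and Find-TrustLeftover is a hypothetical function name.

```powershell
# Added example: report trust objects that lost their counterpart.
Import-Module ActiveDirectory

function Find-TrustLeftover {
    param([Parameter(Mandatory)][string]$Domain)

    $dn = (Get-ADDomain -Server $Domain).DistinguishedName

    # trustedDomain objects live under cn=System
    $tdos = @(Get-ADObject -Server $Domain -SearchBase "CN=System,$dn" `
        -LDAPFilter '(objectClass=trustedDomain)' `
        -Properties flatName, trustPartner, trustDirection)

    # Trust accounts in cn=Users: user objects with the
    # INTERDOMAIN_TRUST_ACCOUNT bit (2048) set in userAccountControl
    $filter = '(&(objectClass=user)' +
              '(userAccountControl:1.2.840.113556.1.4.803:=2048))'
    $accounts = @(Get-ADObject -Server $Domain -SearchBase "CN=Users,$dn" `
        -LDAPFilter $filter -Properties sAMAccountName)

    $tdoNames  = @($tdos | ForEach-Object { $_.flatName + '$' })
    $acctNames = @($accounts | ForEach-Object { $_.sAMAccountName })

    # Account left behind after its trustedDomain object was deleted
    foreach ($a in $accounts) {
        if ($tdoNames -notcontains $a.sAMAccountName) {
            [pscustomobject]@{
                Finding = 'Trust account without trustedDomain object'
                Name    = $a.sAMAccountName
                DN      = $a.DistinguishedName
            }
        }
    }

    # trustedDomain object with an inbound direction (bit 1) but no account
    foreach ($t in $tdos) {
        $expected = $t.flatName + '$'
        if (($t.trustDirection -band 1) -and ($acctNames -notcontains $expected)) {
            [pscustomobject]@{
                Finding = 'trustedDomain object without trust account'
                Name    = $t.trustPartner
                DN      = $t.DistinguishedName
            }
        }
    }
}

Find-TrustLeftover -Domain '<DomainDNSName>' | Format-Table -AutoSize
```

An empty result means every trust in the domain still has both objects or neither. Run it against the remote domain as well, since each solution removes only one side of the trust.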



Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456