2.22.1 Problem

You want to remove a trust. This is commonly done when the remote domain has been decommissioned or access to it is no longer required.

2.22.2 Solution

2.22.2.1 Using a graphical user interface
2.22.2.2 Using a command-line interface

    > netdom trust <TrustingDomain> /Domain:<TrustedDomain> /Remove /verbose[RETURN]
       [/UserO:<TrustingDomainUser> /PasswordO:*][RETURN]
       [/UserD:<TrustedDomainUser> /PasswordD:*]

2.22.2.3 Using VBScript

    ' This code deletes a trust in the specified domain.
    ' ------ SCRIPT CONFIGURATION ------
    ' Set to the DNS or NetBIOS name for the Windows 2000,
    ' Windows NT domain or Kerberos realm trust you want to delete.
    strTrustName = "<TrustName>"
    ' Set to the DNS name of the source or trusting domain
    strDomain = "<DomainDNSName>"
    ' ------ END CONFIGURATION ---------

    ' Bind to the RootDSE to find the domain's default naming context
    set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")

    ' Delete the trustedDomain object from the System container
    set objTrust = GetObject("LDAP://cn=System," & _
                             objRootDSE.Get("defaultNamingContext") )
    objTrust.Delete "trustedDomain", "cn=" & strTrustName

    ' Delete the trust's user object (<TrustName>$) from the Users container;
    ' the class passed to Delete is "user", matching the object being removed
    set objTrustUser = GetObject("LDAP://cn=Users," & _
                                 objRootDSE.Get("defaultNamingContext") )
    objTrustUser.Delete "user", "cn=" & strTrustName & "$"

    WScript.Echo "Successfully deleted trust for " & strTrustName

2.22.3 Discussion

Trusts are stored in Active Directory as two objects: a trustedDomain object in the System container and a user object in the Users container. Both of these objects need to be removed when deleting a trust. The GUI and CLI solutions take care of that in one step, but in the VBScript example both objects have to be deleted explicitly.

It is also worth noting that each solution deletes only one side of the trust. If the trust was to a remote AD forest or NT 4.0 domain, you also need to delete the trust in that domain.
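The Discussion says a trust is stored as two objects and that both must be gone after a removal. The following read-only check for leftovers is an added example, not code from the original text; it assumes the ActiveDirectory PowerShell module is installed, and the helper name Find-TrustRemnant is hypothetical.

```powershell
# Added example: read-only check for trust objects left behind after a removal.
# Assumes the ActiveDirectory module (RSAT) is installed; Find-TrustRemnant is
# a hypothetical helper name.
Import-Module ActiveDirectory

function Find-TrustRemnant {
    param(
        [Parameter(Mandatory)][string]$Domain,     # DNS name of the domain to inspect
        [Parameter(Mandatory)][string]$TrustName   # name of the trust that was removed
    )

    # Refuse characters that are special in an LDAP filter.
    if ($TrustName -match '[\\*()\0]') { throw "Unexpected character in trust name" }

    $nc = (Get-ADRootDSE -Server $Domain).defaultNamingContext

    # The two objects described in the Discussion, each searched one level deep.
    $checks = @(
        @{ Base = "CN=System,$nc"; Filter = "(&(objectClass=trustedDomain)(cn=$TrustName))" },
        @{ Base = "CN=Users,$nc";  Filter = "(&(objectClass=user)(cn=$TrustName`$))" }
    )

    foreach ($c in $checks) {
        Get-ADObject -Server $Domain -SearchBase $c.Base -SearchScope OneLevel `
                     -LDAPFilter $c.Filter -Properties whenCreated, whenChanged |
            Select-Object ObjectClass, DistinguishedName, whenCreated, whenChanged
    }
}

# Placeholders as used in the script above; replace before running.
$remnants = @(Find-TrustRemnant -Domain '<DomainDNSName>' -TrustName '<TrustName>')
if ($remnants.Count -eq 0) {
    'No trust objects remain on this side.'
} else {
    $remnants | Format-Table -AutoSize
}
```

Because each solution removes only one side of the trust, run the same check against the other domain, if it is an AD domain, with the names swapped.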