Serious Domain Trust Screw Up, please help...

G

Guest

Ok, I was tired, and was rushing through something...long story short, I
thought I was reading "domain controllers" when in fact it said "domain"...

I created a trust in our domain to a 'domain' that in fact was a domain
controller, (i don't know why it allowed that, but then again i was stupid
enough to do it) so now i can't delete the trust because it somehow gets
confused between the nonexistant domain and the real domain controller. when
i tried to remove the trust it kept giving me "an error has occured".

We've demoted the domain controller as it was mainly a file/print server
anyway (now its a lot faster as well) but that didn't help any, and trying to
remove the trust now complains that "the directory service is busy" (its been
'busy' through several days and reboots in between).

i've tried (from a DC in the XYZ.ORG: c:\NETDOM TRUST XYZ.ORG /D:HCENT3
/REMOVE /FORCE but that also keeps complaing about busy directory service...

this is screwing up a number of security related things on our network that
deal with that hcent3 server.

any hope?

Thanks
andy
 
L

Laura A. Robinson

Tinfoil hat securely fastened, =?Utf-8?B?YXJhY3p5bnNraQ==?= pounded the
keyboard to produce
Ok, I was tired, and was rushing through something...long story short, I
thought I was reading "domain controllers" when in fact it said "domain"...

I created a trust in our domain to a 'domain' that in fact was a domain
controller, (i don't know why it allowed that, but then again i was stupid
enough to do it) so now i can't delete the trust because it somehow gets
confused between the nonexistant domain and the real domain controller. when
i tried to remove the trust it kept giving me "an error has occured".

We've demoted the domain controller as it was mainly a file/print server
anyway (now its a lot faster as well) but that didn't help any, and trying to
remove the trust now complains that "the directory service is busy" (its been
'busy' through several days and reboots in between).

i've tried (from a DC in the XYZ.ORG: c:\NETDOM TRUST XYZ.ORG /D:HCENT3
/REMOVE /FORCE but that also keeps complaing about busy directory service...

this is screwing up a number of security related things on our network that
deal with that hcent3 server.

any hope?

Thanks
andy
Click to expand...
Okay, I have to ask how you did this, because when I try to duplicate the
problem and form a trust with a DC rather than a domain, it doesn't work. How
did you create the trust, exactly? Thx.

Laura
 
G

Guest

Sorry, I have no idea, from what I gather its not supposed to happen. We
have 4 2003 servers (named HCENT1, HCENT2, HCENT3, HCENT4). The last 3 of
which are on the same domain (xyz.org). The last 3 share an Active Directory
setup. From within one of those 3 I went to AD Trusts and Security (or was
that Domains and Trusts) and created a 2 way trust to domain "HCENT3". Not
sure if perhaps I did it from HCENT3 itself or not at the moment. After I
realized what I did, i quickly deleted the lower half of the trust, which
worked, and then tried to delete the top portion of the trust, which has been
a "no" since that moment....

we are getting around the issue right now by referring to HCENT3 as
HCENT3.XYZ.ORG in UNC paths/maps etc. but this is just not going to be a
doable solution longterm...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

2003 SBS can't "trust" win3k or NT domains 3
AD Trust to NT4 Domain 3
Trusting domains between Windows 2003 and Windows 2000 advanced server 6
2000 advanced server Trust problem. 1
Access to Trusted Domain Resources and Scanning 5
2003 Srvr trust is broke 1
Separating trusted domains 4
openldap and active directory trust relationship 0

Top