Trust Relationships

[JV]

An invalid trust relationship was placed into AD via MMC
Domains and Trusts.

Now we can't log into the computer on the "trusting" side
of the relationship. It says the computer account doesn't
exist. The account does not appear in AD Users and
Computers. When we try to add it it says it already
exists.

When I try to remove the trust relationship, we get: "The
Directory Service is busy."

I've tried removing the trust relationship with NetDom.exe
with the force option. The command returns success but the
relationship is still there.

The first occurred after a restart following a complete
power shutdown due to a storm.

Any help for restoring the computer logon is greatly
appreciated.

JV

 

[Tim Springston [MS]]

Hi JV-

Try the steps below and see if they help you with this issue. If they do
not, please repost to let us know.
*************************
To remove the trust through the GUI follow these steps.

1. Open Active Directory Users and Computers.

2. Select Advanced Features on the View menu. This will show additional
containers
including the System container.

3. Open the System container

4. With the System container highlighted on the left, locate the trust you
want to
delete. It will have a type of "Trusted Domain."

5. Select the trust and delete it.

6. Use ADSIEdit or LDP from the Support tools to set the userAccountControl
value
for the server or DC to the appropriate value.

- - Domain Controller userAccountControl attribute should be 532480
- - A member server or workstation userAccountControl attribute should be
set to
4098

 

[JV]

Could this invalid trust have caused the computer object
to disappear?

 

[Tim Springston [MS]]

As far as the 'already exists' message you definetly still have an object
named that somewhere in your directory. You can search for it within AD
Users and Computers, or export the domain container using LDIFDE.EXE (from
the Support Tools) and search youir export file for that name to locate the
currently existing object.