2.22. Removing a Trust

Problem

You want to remove a trust. This is commonly done when the remote domain has been decommissioned or access to it is no longer required.

Solution

Using a graphical user interface

  1. Open the Active Directory Domains and Trusts snap-in.

  2. In the left pane, right-click on the trusting domain and select Properties.

  3. Click the Trusts tab.

  4. Click on the domain that is associated with the trust you want to remove.

  5. Click the Remove button.

  6. Click OK.

Using a command-line interface

> netdom trust <TrustingDomain> /Domain:<TrustedDomain> /Remove /verbose
   [/UserO:<TrustingDomainUser> /PasswordO:*]
   [/UserD:<TrustedDomainUser> /PasswordD:*]

Using VBScript

' This code deletes a trust in the specified domain.
' ------ SCRIPT CONFIGURATION ------
' Set to the DNS or NetBIOS name for the Windows 2000,
' Windows NT domain or Kerberos realm trust you want to delete.
strTrustName = "<TrustName>"
' Set to the DNS name of the source or trusting domain
strDomain    = "<DomainDNSName>"
' ------ END CONFIGURATION ---------

set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")
' Delete the trustedDomain object from the System container.
set objTrust = GetObject("LDAP://cn=System," & _
                         objRootDSE.Get("defaultNamingContext") )
objTrust.Delete "trustedDomain", "cn=" & strTrustName
' Delete the matching trust account (<TrustName>$) from the Users container.
' This object is of class user, not trustedDomain.
set objTrustUser = GetObject("LDAP://cn=Users," & _
                             objRootDSE.Get("defaultNamingContext") )
objTrustUser.Delete "user", "cn=" & strTrustName & "$"
WScript.Echo "Successfully deleted trust for " & strTrustName
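
The VBScript above deletes two objects: one under cn=System and a trust account under cn=Users. The following read-only PowerShell check is an added example, not code from the book; it confirms that neither object is left behind after a removal. The function name Test-TrustRemoved is hypothetical, and its parameters mirror strTrustName and strDomain.

```powershell
# Added example, not from the book. Read-only: it searches, it never deletes.
# Assumes a domain-joined host and an account that can read the directory.
function Test-TrustRemoved {
    param(
        [Parameter(Mandatory)][string]$TrustName,   # same value as strTrustName
        [Parameter(Mandatory)][string]$Domain       # same value as strDomain
    )

    $rootDse   = [ADSI]"LDAP://$Domain/RootDSE"
    $defaultNC = [string]$rootDse.Properties['defaultNamingContext'].Value
    if (-not $defaultNC) { throw "Could not read RootDSE from $Domain" }

    # Escape LDAP filter metacharacters (RFC 4515) so the name matches literally.
    $safe = $TrustName -replace '\\', '\5c' -replace '\*', '\2a' `
                       -replace '\(', '\28' -replace '\)', '\29'

    # The two locations the VBScript deletes from, with a filter for each.
    $checks = @(
        @{ Base   = "CN=System,$defaultNC"
           Filter = '(&(objectClass=trustedDomain)(|(cn={0})(flatName={0})(trustPartner={0})))' -f $safe },
        @{ Base   = "CN=Users,$defaultNC"
           Filter = '(&(objectClass=user)(|(cn={0}$)(sAMAccountName={0}$)))' -f $safe }
    )

    $leftovers = @(foreach ($c in $checks) {
        $searcher = New-Object System.DirectoryServices.DirectorySearcher
        $searcher.SearchRoot  = [ADSI]"LDAP://$Domain/$($c.Base)"
        $searcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
        $searcher.Filter      = $c.Filter
        $results = $searcher.FindAll()
        try     { foreach ($r in $results) { $r.Path } }   # ADsPath of each hit
        finally { $results.Dispose(); $searcher.Dispose() }
    })

    [pscustomobject]@{
        TrustName = $TrustName
        Removed   = ($leftovers.Count -eq 0)   # True only if both objects are gone
        Leftovers = $leftovers
    }
}

# Usage (placeholders as in the recipe):
# Test-TrustRemoved -TrustName '<TrustName>' -Domain '<DomainDNSName>'
```

Run it against each side of the trust, since each domain holds its own copy of the trust objects.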

Discussion

Trusts are stored in Active ...

Get Active Directory Cookbook now with the O’Reilly learning platform.
