Remove a manually created trust

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

It is possible to remove manually created shortcut trusts, external trusts, realm trusts, or forest trusts. It is not possible to remove default, two-way, transitive trusts between domains in a forest. It is particularly important to verify that you successfully remove trusts if you are planning to re-create them.

You can remove a manually created trust by using the New Trust Wizard in Active Directory Domains and Trusts or by using the Netdom command-line tool. For more information about the Netdom command-line tool, see "Netdom.exe: Windows Domain Manager" in the Windows Server 2003 Technical Reference on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=41700).

Administrative credentials

To complete this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory.

To remove a manually created trust

  • Using the Windows interface

  • Using a command prompt

Using the Windows interface

  1. Open Active Directory Domains and Trusts.

  2. In the console tree, right-click the domain that contains the trust that you want to remove, and then click Properties.

  3. Click the Trusts tab.

  4. In either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), click the trust to be removed, and then click Remove.

  5. Do one of the following, and then click OK:

    • Click No, remove the trust from the local domain only.

      If you click this option, it is recommended that you repeat this procedure for the reciprocal domain.

    • Click Yes, remove the trust from both the local domain and the other domain.

      If you click this option, you must type a user account and password with administrative credentials for the reciprocal domain.

Using the command line

  1. Open a Command Prompt.

  2. Type the following command, and then press ENTER:

    netdom trust TrustingDomainName **/d:**TrustedDomainName **/remove/UserD:**User /PasswordD:*

    Term Definition

    TrustingDomainName

    Specifies the Domain Name System (DNS) name (or network basic input/output system (NetBIOS) name) of the trusting domain in the trust that is being created.

    TrustedDomainName

    Specifies the DNS name (or NetBIOS name) of the domain that will be trusted in the trust that is being created.

Note

If you are using Netdom to remove a realm trust, you must add the /force option to the end of the command (after /remove) to remove the trust successfully.