Remove a trust

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To remove a trust

  • Using the Windows interface

  • Using a command line

Using the Windows interface

  1. Open Active Directory Domains and Trusts.

  2. In the console tree, right-click the domain that contains the trust you want to remove, and then click Properties.

  3. On the Trusts tab, under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), click the trust to be removed, and then click Remove.

  4. Do one of the following, and then click OK:

    • Click No, remove the trust from the local domain only.

      If you choose this option, it is recommended that you repeat this procedure for the reciprocal domain.

    • Click Yes, remove the trust from both the local domain and the other domain.

      If you choose this option, you must type a user account and password with administrative credentials for the reciprocal domain.

Notes

  • To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open Active Directory Domains and Trusts, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Domains and Trusts.

  • It is not possible to revoke the default two-way, transitive trusts between domains in a forest. Explicitly created shortcut trusts can be deleted.

Using a command line

  1. Open Command Prompt.

  2. Type:

    netdom trust TrustingDomainName /d:TrustedDomainName /remove /UserD:User /PasswordD:*

Value                 Description

TrustingDomainName    Specifies the DNS name of the trusting domain in the trust that is being removed.

TrustedDomainName     Specifies the DNS name of the domain that is trusted in the trust that is being removed.

Notes

  • To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.

  • This command-line method requires the Netdom Windows support tool. For information about installing Windows support tools, see Related Topics.

  • To view the complete syntax for this command, at a command prompt, type:

    netdom trust | more
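
The command-line procedure above as a batch file that records the trust list, removes the trust, and confirms the result. This is an added example, not part of the original documentation. The script name, argument order, temp-file name and exit codes are assumptions, and it assumes netdom returns a nonzero exit code on failure.

```bat
@echo off
rem Added example, not from the original page.
rem Usage (hypothetical name): remove-trust.cmd TrustingDomainName TrustedDomainName User
setlocal
if "%~3"=="" (
    echo Usage: %~nx0 TrustingDomainName TrustedDomainName User
    exit /b 64
)
set "TRUSTING=%~1"
set "TRUSTED=%~2"
set "ADMIN=%~3"
set "BEFORE=%TEMP%\trusts-before-%TRUSTED%.txt"

rem 1. Save the trusting domain's trust list before the change.
netdom query /d:%TRUSTING% trust > "%BEFORE%"
findstr /i /c:"%TRUSTED%" "%BEFORE%" >nul
if errorlevel 1 (
    echo %TRUSTED% is not in the trust list of %TRUSTING%. Nothing to remove.
    exit /b 0
)

rem 2. Remove the trust. /PasswordD:* prompts for the password, so it is
rem    never stored in this file or passed on the command line.
netdom trust %TRUSTING% /d:%TRUSTED% /remove /UserD:%ADMIN% /PasswordD:*
if errorlevel 1 (
    echo Removal failed. See the netdom output above.
    exit /b 1
)

rem 3. Confirm the trusted domain no longer appears. findstr does a
rem    substring match, so a hit can also be a similarly named domain or
rem    a trust in the other direction. Review the listing if warned.
netdom query /d:%TRUSTING% trust | findstr /i /c:"%TRUSTED%" >nul
if not errorlevel 1 (
    echo WARNING: %TRUSTED% still appears in the trust list of %TRUSTING%.
    exit /b 2
)
echo %TRUSTED% removed from %TRUSTING%. Previous list saved to %BEFORE%.
```

Run it from an account that meets the membership requirement in the notes above, and keep the saved listing with the change record.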

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Domain controllers
Runas
Using Run as
Forest trusts
Trust types
Trust direction
Install Windows Support Tools