Event ID 32768 — Trust Deletion

Applies To: Windows Server 2008 R2

You can delete an existing trust relationship between two specified domains or forests.

Event Details

Product: Windows Operating System
ID: 32768
Source: LsaSrv
Version: 6.0
Symbolic Name: LSAEVENT_ITA_NOT_DELETED
Message: The interdomain trust account for the domain %1 could not be deleted. The return code is the data.

Resolve

Delete the trust account manually

The user account that is associated with the trust relationship was not deleted. Delete this account manually. Perform the following procedure using a domain member computer that has domain administrative tools installed.

To perform this procedure, you must have membership in Enterprise Admins, or you must have been delegated the appropriate authority.

To delete the user account that is associated with the trust relationship:

  1. Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start. In Start Search, type dsa.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Right-click the object that represents the local domain from which you want to remove the trust relationship, and then click Find.
  3. Click Custom Search in the Find box. The name of the dialog box changes to Find Custom Search.
  4. Click the Advanced tab, enter the following LDAP query in the Enter LDAP query box: (&(objectclass=user)(samaccountname=*$)(userAccountControl:1.2.840.113556.1.4.803:=2048)), and then click Find Now. The Search results section of the dialog box should display a user account with the same name as the NetBIOS name of the domain that is trusted. For example, if there is a trust relationship between the local domain and a domain named contoso.com, a user account appears with the name CONTOSO$. This is the account to delete.
  5. Right-click the user account that represents the trust relationship, and then click Delete.
  6. Click Yes to confirm that you want to delete the account.

Verify

Perform the following procedure using a domain member computer that has domain administrative tools installed.

To perform this procedure, you must have membership in Enterprise Admins, or you must have been delegated the appropriate authority.

To verify that the trust relationship list is correct:

  1. Open Active Directory Domains and Trusts. To open Active Directory Domains and Trusts, click Start. In Start Search, type domain.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. In Active Directory Domains and Trusts, right-click the object that represents the local domain, and then click Properties.
  3. In the Properties dialog box for the local domain, click the Trusts tab. You see a list of domains that are trusted by this domain as well as the domains that trust this domain. Verify that the list of trusted and trusting domains is correct.
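
The following PowerShell is an added example, not part of the original article. It runs the LDAP query from step 4 of the Resolve procedure against the current domain and marks each interdomain trust account by whether a trust with the same NetBIOS name still exists, so a leftover account such as CONTOSO$ stands out. It assumes a domain-joined computer, and that existing trusts are stored as trustedDomain objects whose flatName attribute holds the partner's NetBIOS name; the function name Search-CurrentDomain and the column HasMatchingTrust are hypothetical.

```powershell
# Added example, read-only: it lists candidates and deletes nothing.
# Filter from step 4: user-class objects named *$ with userAccountControl
# bit 2048 (INTERDOMAIN_TRUST_ACCOUNT) set, so computer accounts are excluded.
$accountFilter = '(&(objectclass=user)(samaccountname=*$)(userAccountControl:1.2.840.113556.1.4.803:=2048))'
# Assumption: existing trusts are stored as trustedDomain objects whose
# flatName attribute is the partner domain's NetBIOS name.
$trustFilter = '(objectClass=trustedDomain)'

function Search-CurrentDomain([string]$Filter, [string[]]$Attributes) {
    $searcher = [adsisearcher]$Filter   # default root: current domain, subtree scope
    $searcher.PageSize = 500
    $searcher.PropertiesToLoad.AddRange($Attributes)
    $found = $searcher.FindAll()
    try {
        foreach ($entry in $found) {
            $row = @{}
            foreach ($name in $Attributes) {
                # Result property names are returned in lower case.
                $values = $entry.Properties[$name.ToLower()]
                if ($null -ne $values -and $values.Count -gt 0) { $row[$name] = $values[0] }
                else { $row[$name] = $null }
            }
            New-Object PSObject -Property $row
        }
    } finally {
        $found.Dispose()                # release the unmanaged search handle
    }
}

$trusts   = @(Search-CurrentDomain $trustFilter   @('flatName', 'trustPartner'))
$accounts = @(Search-CurrentDomain $accountFilter @('sAMAccountName', 'distinguishedName', 'whenCreated'))
$knownNames = @($trusts | ForEach-Object { $_.flatName })

# HasMatchingTrust = False marks an account with no trust of the same name:
# the leftover that event 32768 reports. -contains compares case-insensitively.
$accounts |
    Select-Object sAMAccountName, whenCreated, distinguishedName,
        @{ Name = 'HasMatchingTrust'
           Expression = { $knownNames -contains $_.sAMAccountName.TrimEnd('$') } } |
    Sort-Object HasMatchingTrust |
    Format-Table -AutoSize
```

Compare any account reported with HasMatchingTrust set to False against the Trusts tab before deleting it in Active Directory Users and Computers.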
