Stubborn Trust
Hi All, Working on an AD migration project. The customer has a Windows 2000 infrastructure, in native mode. The customer wanted rid of an old legacy NT 4.0 external two-way trust. The NT 4.0 domain is long gone. So the trust was removed via AD Domains and Trusts; it complained about not being able to contact the NT 4.0 domain, as expected, and the removal went ahead. AD Domains and Trusts no longer displays the trust. This is where the issue starts: Netdom/NLTEST still report the trust as active. ADSIEDIT reports no trust-related objects and there is no metadata to remove. Kind of stumped. No DNS or WINS entries present either. Any other way to force retirement of a trust? I don't suppose the netdom command for forcing the deletion of a two-way trust will work, as the customer cannot remember the admin account password for the old NT 4.0 domain. Any thoughts appreciated.
November 1st, 2010 11:36am

Just a thought, never seen this issue, but I know there is usually a hidden account with the name domain$, where domain was/is the trusted domain. Try and find if this account is still present. Then you can determine if you would need to delete it. What netdom/nltest commands are you using?
November 1st, 2010 11:54am

Thanks for the input Gunner. The command I am running is nltest /trusted_domains. Now I have pressed ahead and installed my first 2003 DC into the 2000 domain in preparation for a swing migration. Running nltest /trusted_domains on the 2003 DC reveals only 1 domain, the production domain naturally. Run the same command on a 2000 DC and 2 domains are listed, the production domain and the long dead domain. So it thinks this is still an ongoing concern on 2000 DCs. It gets weirder: the AD Domains and Trusts tool on 2000 does not show the trust and, you guessed it, the same tool on the 2003 DC does show it. So they reverse opinions dependent on what tool is used. The 2000 domain was in-place upgraded from NT 4.0; don't think this is relevant. Lastly, on the 2003 DC at the moment the legacy domain is missing from the logon drop-down box. I am wondering if by the time I retire all the 2000 DCs this will clear up this issue.
November 2nd, 2010 12:13pm

Hi, This issue is mostly caused by not all the trust-related objects being removed. Based on the current situation, I would like to suggest you use Ldp.exe to find the trust-related objects and remove them. For the detailed information, please refer to the following Microsoft KB article: Using Ldp.exe to Find Data in the Active Directory http://support.microsoft.com/kb/224543 Regards, Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
November 3rd, 2010 4:12am
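Gunner's tip about the hidden domain$ account and the later suggestion to hunt for trust-related objects with Ldp.exe both come down to the same two LDAP lookups: the trustedDomain object under CN=System and the interdomain trust account (userAccountControl bit 0x800) under CN=Users. The PowerShell script below is an added example, not code posted by anyone in this thread; it assumes PowerShell 2.0 or later with LDAP access to a DC as a domain admin, and the $DcName and $LegacyDomain values are placeholders to replace. Because nltest /trusted_domains asks one specific DC's Netlogon service, pointing the script and nltest at each DC in turn (with /server:) shows which replica still carries a leftover.

```powershell
# Added example (not from the thread): list the objects a domain trust leaves
# behind in AD so they can be compared with what nltest reports on a given DC.
# Assumes PowerShell 2.0+, LDAP access to the DC, and domain admin rights.
param(
    [string]$DcName       = 'dc01.example.local',   # placeholder: DC to query
    [string]$LegacyDomain = 'OLDNT4DOM'             # placeholder: NetBIOS name of the retired NT 4.0 domain
)

$rootDse  = [ADSI]"LDAP://$DcName/RootDSE"
$domainDn = $rootDse.defaultNamingContext

function Search-Ldap {
    param([string]$BaseDn, [string]$Filter, [string[]]$Attributes)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$DcName/$BaseDn"
    $searcher.Filter     = $Filter
    $searcher.PageSize   = 500
    $null = $searcher.PropertiesToLoad.AddRange($Attributes)
    $searcher.FindAll()
}

# 1. trustedDomain objects: one per trust partner, stored under CN=System.
$trusts = Search-Ldap -BaseDn "CN=System,$domainDn" `
    -Filter '(objectClass=trustedDomain)' `
    -Attributes 'cn','flatName','trustDirection','trustType','whenChanged'
foreach ($t in $trusts) {
    $p = $t.Properties
    "trustedDomain: {0} flatName={1} direction={2} type={3} changed={4}" -f `
        $p['cn'][0], $p['flatName'][0], $p['trustDirection'][0], $p['trustType'][0], $p['whenChanged'][0]
}

# 2. Interdomain trust accounts (the <NETBIOS>$ account Gunner mentions):
#    userAccountControl has INTERDOMAIN_TRUST_ACCOUNT (0x800 = 2048) set.
#    1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
$trustAccounts = Search-Ldap -BaseDn $domainDn `
    -Filter '(&(objectCategory=user)(userAccountControl:1.2.840.113556.1.4.803:=2048))' `
    -Attributes 'sAMAccountName','distinguishedName','whenChanged'
foreach ($a in $trustAccounts) {
    $p = $a.Properties
    "trust account: {0} at {1} changed={2}" -f `
        $p['sAMAccountName'][0], $p['distinguishedName'][0], $p['whenChanged'][0]
}

# 3. Flag anything that still references the retired domain on this DC.
$leftover = @($trusts        | Where-Object { $_.Properties['flatName'][0] -eq $LegacyDomain }) +
            @($trustAccounts | Where-Object { $_.Properties['sAMAccountName'][0] -eq "$LegacyDomain`$" })
if ($leftover.Count -gt 0) {
    "Leftover objects for $LegacyDomain on $DcName; compare with: nltest /server:$DcName /trusted_domains"
} else {
    "No trustedDomain or trust account for $LegacyDomain on $DcName; check the next DC."
}
```

Run it once per DC (old 2000 DCs and the new 2003 DC) and the output should line up with the per-DC nltest results described earlier in the thread: a DC whose replica still holds the trustedDomain object or the domain$ account is the one to clean up with Ldp.exe or ADSI Edit, and a DC that shows neither should not list the dead domain in nltest either.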

