how to remove trust
The there manual means to remove a trust. We had a trust established with a recently acquired small business. Their server tanked with poor backups. After rebuilding their server (win2k3) we removed the trust on our side and then attempted to re-establish the trust. On our side we get an error saying "cannot create a file that already exists". We run nltest and we can see the trust but we get access denied when we attempt to remove it with NETDOM. I think there are pieces of the trust that were not removed. Are there other ways to remove trusts?
June 20th, 2010 11:31am

Hello, when you open AD domains and trusts, is the trust listed there? Did you follow this way to remove the trust: http://technet.microsoft.com/en-us/library/cc776286(WS.10).aspxBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
June 20th, 2010 3:41pm

Did you remove the trust from both domains? You can use the following procedure to remove the trust: http://support.microsoft.com/kb/216498 http://technet.microsoft.com/en-us/library/cc782416(WS.10).aspx Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.
June 20th, 2010 11:32pm

Hello mdevine1205, This problem occurs when you attempt establish a trust with a domain that has the same domain security identification (SID) information as another domain that is already trusted, or has the same local Domain SID. For more information on Err Msg: Cannot Create This File When This File Already Exists, please refer to: http://support.microsoft.com/kb/127911 To find a duplicate SID, use the following procedure: Start Registry Editor (REGEDT32.EXE): 1. On HKEY_LOCAL_MACHINE\SECURITY select Security->Permissions "Replace Permissions On Existing Subkeys" and give Administrators "Full Control". Don't do this remotely, since the remote interface isn't as efficient as the local interface. (Don't be overly concerned about changing these ACLs this way. You can do this one key at a time if you're nervous about doing the entire subtree.) 2. Under HKEY_LOCAL_MACHINE\Security\Policy\Domains, the keys listed there are the currently trusted domains. 3. Under each of the SID keys, look at the unnamed value: Use View- DisplayBinaryData -> select Dword radio button and Record the last 3 longwords since they are all that really varies from domain to domain. Next look at the unnamed value of the key named TrDmName to see the domain name corresponding to the SID. UseView-> DisplayBinaryData to get the clearest view of this information. 4. To find the domain SID of your domain, look at HKEY_LOCAL_MACHINE\Security\Policy\PolAcDmS. Look at the unnamed value of this key using the View->DisplayBinaryData dialog. Select the Format->Dword radio button. Record the last 3 longwords. 5. Repeat step 2 on the domain you're running USRMGR.EXE against. Repeat step 4 on the domain you're making a trusted domain. If the SID from step 4 matches any of the SID from step 2, you've found the culprit. Brent Hu, TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
June 24th, 2010 4:43am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics