Use Ntdsutil to delete a trust relationship for a subdomain

Question: How do I delete a subdomain trust relationship?

Solution: Use Ntdsutil to delete the trust relationship for the subdomain.

Overview:

In general, when the last domain controller in a domain is demoted, the regular member selects the "This server is the last domain controller in the domain" option in the DCPromo tool, thus removing the domain's Meta-data (metadata) from Active Directory. This article describes how to remove domain metadata and trust relationships from Active Directory if the child domain is completely corrupted by hardware or software fault Active directory and cannot be repaired, or if the child domain controller is offline without first being demoted. Note: Before you manually delete the domain metadata, the regular member must check to make sure that replication has occurred after the subdomain controller has been degraded. Improper use of the NTDSUTIL tool can result in the partial loss or loss of Active Directory functionality.

The trust to delete a child domain in Active Directory

1. Check that the neutron domain for Active Directory is offline.

A. Start Active Directory domain and trust relationships from the Start-admin Tools menu.

B. Right-click the root node in the left pane named Active Directory domain and trust relationship, and then click Operations Master.

C. The domain controller currently serving this role will be marked in the current operations master box. Note: If this role has recently changed, not all computers may have received information about this change because of the need to replicate.

2. Check to make sure all servers in this domain have been degraded.

3. Click Start, point to the program, point to the attachment, and then click the command Prompt.

4. At the command prompt, type: ntdsutil.

5. Type: metadata cleanup, and then press ENTER.

6. Type: connections, and then press ENTER.

7. Type: Connect to Server server name (for example: Connect to server MCSE)

8. Type: Quit, and then press ENTER. The Metadata Cleanup (metadata cleanup) menu will be displayed.

9. Type: Select operation target, and then press ENTER.

10. Type: List domains, and then press ENTER. A list of all the domains in the forest is displayed, with each field having an associated number. (for example, 0–DC=MCSE,DC=ORG,DC=CN 0 is the association number.) )

11. Type: Select domain number, and then press ENTER, where the number is the number associated with the field to be deleted. (For example, select domain 0)

12. Type: Quit, and then press ENTER.

13. Type: Remove selected domain, and then press ENTER. You will receive a confirmation message stating that the deletion was successful.

14. In each menu type: Quit to exit the NTDSUTIL tool. You receive a confirmation message stating that the connection has been successfully disconnected.

Ii. Delete residual data in active Directory

1. Delete NTDS Data

A. Start Active Directory sites and services from the Start-admin Tools menu

B. Expand Default-first-site-name Select the computer in the expand Server and expand the right key NTDS Settings deletion.

C. Deleting computers