Here is a nice tip.
We had a lot of issues where customers were losing the parent/child trust. This can have many causes: a corrupted TDO object, a faulty AD, or an admin who is playing with the wrong tools. So here are 2 things to do:
- Search for accounts whose name is similar to the TDO's and that may cause the trust to be lost, and remove them:
o Use ldifde with the -r filter: ldifde -f dump.ldf -r "(sAMAccountName=domainname*)" (dump.ldf is a placeholder output file name)
o Check the ldifde dump for accounts that have the same sAMAccountName as the domain and might be conflicting with the TDO object (don't ask what causes that)
- Now delete the trust from the parent domain and from the child domain. You might need to delete the TDO objects; they are here:
CN=Childdomain$,CN=Users,DC=parentdomain,DC=com
CN=childdomain.parentdomain.com,CN=System,DC=parentdomain,DC=com
- Make sure that the changes have been replicated.
- For the parent domain, run the following command: netdom trust childdomain.parentdomain.com /domain:ttsl.com /UserD:parent_admin /PasswordD:* /UserO:child_admin /PasswordO:* /add
- Make sure that the changes have been replicated.
- Not sure about the restart requirement; in my case I had to reboot the PDC.
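As an added example (not part of the original post), here is a small Python script for the dump-checking step: it parses an ldifde export and separates the trust account from other entries whose sAMAccountName starts with the child domain's name. The LDIF sample is constructed, the names parse_ldif and find_conflicts are hypothetical, and using the userAccountControl interdomain-trust bit (0x800) to recognise the real trust account is an assumption of this example.

```python
import base64

INTERDOMAIN_TRUST_ACCOUNT = 0x0800  # userAccountControl bit carried by trust accounts

# Constructed sample of an ldifde export (not taken from a real directory).
SAMPLE_LDIF = """\
dn: CN=childdomain$,CN=Users,DC=parentdomain,DC=com
sAMAccountName: childdomain$
userAccountControl: 2080

dn: CN=ChildDomain,OU=Servers,DC=parentdomain,DC=com
sAMAccountName: CHILDDOMAIN$
userAccountControl: 4096

dn: CN=childdomain-svc,OU=Service Accounts,DC=parentdomain,
 DC=com
sAMAccountName:: Y2hpbGRkb21haW4tc3Zj
"""

def parse_ldif(text):
    """Return one {attribute: value} dict per record (attribute names lowercased)."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    records = []
    for block in unfolded.split("\n\n"):
        rec = {}
        for line in filter(None, block.splitlines()):
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            rec.setdefault(name.lower(), value.strip())
        if "dn" in rec:
            records.append(rec)
    return records

def find_conflicts(records, domain):
    """Split matching entries into the trust account and accounts to review."""
    want, trust, conflicts = domain.lower(), [], []
    for rec in records:
        sam = rec.get("samaccountname", "")
        uac = int(rec.get("useraccountcontrol", "0"))
        if sam.lower() == want + "$" and uac & INTERDOMAIN_TRUST_ACCOUNT:
            trust.append(rec["dn"])
        elif sam.lower().startswith(want):  # same or look-alike name
            conflicts.append((rec["dn"], sam))
    return trust, conflicts

if __name__ == "__main__":
    trust, conflicts = find_conflicts(parse_ldif(SAMPLE_LDIF), "childdomain")
    print("trust account:", trust, "| review:", conflicts)
```

Entries in the review list are candidates only; confirm each one in the directory before removing anything.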
1 comment:
Man, that's awesome!
And yes, you have to restart; AFAIK it will be a shortcut trust first, then after the restart it will again be the transitive-unbreakable parent-child trust.
Please keep up the good work, dude.