Microsoft KB Archive/235641

{|
 * width="100%"|

-

The information in this article applies to:


 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows 2000 Server
 * Microsoft Windows NT Server versions 4.0 SP4, 4.0 SP5

-

SUMMARY
Windows 2000 domains can create trust relationships with any domain in or outside the forest to provide access to resources. "Stale" trusts may be left behind in the process of removing domains. These can cause Netlogon messages to be logged in Event Viewer on the domain that is still present.

MORE INFORMATION
You can use the Trustdom tool from the Windows 2000 Resource Kit to administer trust relationships. To remove a trust that is no longer present, use the following command

"trustdom DOM1,DOM2 -untrust -force -debug" where DOM1 is the domain that is present (the one you are currently administering). This command does not succeed if the non-existing domain is used as DOM1. Even with the -force option, you receive an LSA error message. DOM2 is the domain that is no longer present.

NOTE: Trustdom.exe can be used only from Windows 2000.

To verify that the trust relationship was removed, list your present trust relationships using the following command: "trustdom DOM2 -list" Additional query words:

Keywords : kbtool ntdomain

Version : WINDOWS:2000; winnt:4.0 SP4,4.0 SP5

Platform : WINDOWS winnt

Issue type : kbhowto
 * }