
what to do: parent/child domain trust is lost, TDO object is corrupted


Here is a nice tip.

We have had a lot of cases where a customer loses the parent/child trust. This can happen for many reasons: a corrupted TDO object, a faulty AD, or an admin playing with the wrong tools. So here are 2 things to do:

          Search for accounts with the same name as the TDO that may be causing the trust to be lost, and remove them:

o   Run ldifde with the filter -r "(saMAccountName=domainname*)"

o   Check the ldifde dump for accounts that have the same sAMAccountName as the domain and might be conflicting with the TDO object (don't ask what causes that)

          Now delete the trust from the parent domain and from the child domain. You might need to delete the TDO objects; they are located here:

CN=Childdomain$,CN=Users,DC=parentdomain,DC=com
CN=childdomain.parentdomain.com,CN=System,DC=parentdomain,DC=com

          Make sure that the changes have been replicated.

          For the parent domain, run the following command:

netdom trust childdomain.parentdomain.com /domain:parentdomain.com /UserD:parent_admin /PasswordD:* /UserO:child_admin /PasswordO:* /add

          Make sure that the changes have been replicated.

          Not sure about the restart requirement; in my case I had to reboot the PDC.
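
The checks in the steps above (finding accounts that collide with the trust account name, and confirming that every DC agrees on the TDO) can also be done read-only from PowerShell. This is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed, and the domain names are the post's placeholders.

```powershell
# Added example: read-only checks, nothing here modifies the directory.
Import-Module ActiveDirectory

$ParentDomain = 'parentdomain.com'               # placeholder from the post
$ChildDns     = 'childdomain.parentdomain.com'   # placeholder from the post
$ChildNetBIOS = 'childdomain'                    # placeholder from the post
$UF_INTERDOMAIN_TRUST_ACCOUNT = 0x0800           # userAccountControl bit set on a trust account

$domain = Get-ADDomain -Server $ParentDomain

# 1. Same filter the post passes to ldifde -r: everything named like the child domain.
$candidates = Get-ADObject -Server $ParentDomain `
    -LDAPFilter "(sAMAccountName=$ChildNetBIOS*)" `
    -Properties sAMAccountName, userAccountControl, whenCreated

$report = foreach ($obj in $candidates) {
    # The real trust account is named <child>$ and carries the interdomain trust flag.
    $isTrust = ($obj.sAMAccountName -eq "$ChildNetBIOS`$") -and
               (($obj.userAccountControl -band $UF_INTERDOMAIN_TRUST_ACCOUNT) -ne 0)
    [pscustomobject]@{
        sAMAccountName    = $obj.sAMAccountName
        ObjectClass       = $obj.ObjectClass
        Role              = if ($isTrust) { 'trust account' } else { 'review: possible conflict' }
        WhenCreated       = $obj.whenCreated
        DistinguishedName = $obj.DistinguishedName
    }
}
$report | Sort-Object Role, sAMAccountName | Format-List

# 2. Replication check: ask every DC in the parent domain whether it holds the TDO.
#    After deleting the trust, expect 0 everywhere; after re-creating it, expect 1 everywhere.
$tdoFilter = "(&(objectClass=trustedDomain)(trustPartner=$ChildDns))"
$perDc = foreach ($dc in Get-ADDomainController -Filter * -Server $ParentDomain) {
    try {
        $tdo = @(Get-ADObject -Server $dc.HostName -SearchBase $domain.SystemsContainer `
                     -LDAPFilter $tdoFilter -Properties whenChanged -ErrorAction Stop)
        [pscustomobject]@{ DC = $dc.HostName; TdoCount = $tdo.Count
                           WhenChanged = ($tdo | Select-Object -First 1).whenChanged }
    } catch {
        # A DC that cannot be queried is reported, not silently skipped.
        [pscustomobject]@{ DC = $dc.HostName; TdoCount = 'unreachable'; WhenChanged = $null }
    }
}
$perDc | Format-Table -AutoSize

if (@($perDc.TdoCount | Sort-Object -Unique).Count -gt 1) {
    Write-Warning 'DCs disagree about the TDO: replication has not converged yet.'
}
```

Any object listed as "review: possible conflict" is only a candidate; confirm what it is before removing it.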
