You want to remove a trust. This is commonly done when the remote domain has been decommissioned or access to it is no longer required.
Open the Active Directory Domains and Trusts snap-in.
In the left pane, right-click on the trusting domain and select Properties.
Click the Trusts tab.
Click on the domain that is associated with the trust you want to remove.
Click the Remove button.
Click OK.
> netdom trust <TrustingDomain> /Domain:<TrustedDomain> /Remove /verbose[RETURN] [/UserO:<TrustingDomainUser> /PasswordO:*][RETURN] [/UserD:<TrustedDomainUser> /PasswordD:*]
' This code deletes a trust in the specified domain. ' ------ SCRIPT CONFIGURATION ------ ' Set to the DNS or NetBIOS name for the Windows 2000, ' Windows NT domain or Kerberos realm trust you want to delete. strTrustName = "<TrustName>" ' Set to the DNS name of the source or trusting domain strDomain = "<DomainDNSName>" ' ------ END CONFIGURATION --------- set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE") set objTrust = GetObject("LDAP://cn=System," & _ objRootDSE.Get("defaultNamingContext") ) objTrust.Delete "trustedDomain", "cn=" & strTrustName set objTrustUser = GetObject("LDAP://cn=Users," & _ objRootDSE.Get("defaultNamingContext") ) objTrustUser.Delete "trustedDomain", "cn=" & strTrustName & "$" WScript.Echo "Successfully deleted trust for " & strTrustName
Trusts are stored in Active Directory as two objects; a trustedDomain object in the System container and a user object in the Users container. Both of these objects need to be removed when deleting a trust. The GUI and CLI solutions take care of that in one step, but in the VBScript example both objects needed to be explicitly deleted. It is also worth noting that each solution only deleted one side of the trust. If the trust was to a remote AD forest or NT 4.0 domain, you also need to delete the trust in that domain.