Windows trust between parent and child domain broken

Romar 86 Reputation points
2024-04-28T09:29:12.9166667+00:00

Hello,

I was wondering if anyone has an idea how a domain trust could be fixed.

The domain trust is broken but I can't fix it because DNS doesn't work properly anymore.
DNS can't be fixed, because the domain trust is broken.

The DC in the parent domain can't contact the DC in the child domain to validate the trust.

Thanks in advance!

Windows Server 2016
Active Directory

5 answers

  1. Marcin Policht 12,320 Reputation points MVP
    2024-04-28T10:14:36.47+00:00

    You have to ensure that the DNS name resolution between the two domains is working first. DNS is not dependent on a trust being in place.

    More at https://petri.com/configure-dns-enable-trust-two-active-directory-forests/


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


  2. Romar 86 Reputation points
    2024-04-28T10:17:40.25+00:00

    Thank you for your suggestion. I tried setting up conditional forwarding from the parent. I created a new conditional forwarder but it came with the error "The server with this IP address is not authoritative for the required zone". However the server I added is in the Name Servers tab of the zone.


  3. Marcin Policht 12,320 Reputation points MVP
    2024-04-28T11:19:48.4233333+00:00

    Verify that the name of the domain you specified is correct.

    If this doesn't work (as it should), use secondary zones instead.


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


  4. sam john 0 Reputation points
    2024-04-29T18:36:50.9933333+00:00

    Try to reestablish the trust relationship between the parent and child domain.


  5. Jing Zhou 2,315 Reputation points Microsoft Vendor
    2024-05-06T03:00:57.7833333+00:00

    Hello,

    Thank you for posting in Q&A forum.

    To further reset the domain trust between parent and child domain,

    Please kindly follow below steps:

    1. At a command prompt, type the following command, and then press ENTER:

    2. Reset the trust password by below command:

    netdom trust <parent domain name> /domain:<child domain name> /resetOneSide /passwordT:<password> /userO:administrator /passwordO:*

    3. When you run this command in the child domain, use the following command syntax:

    netdom trust <child domain name> /domain:<parent domain name> /resetOneSide /passwordT:<password> /userO:administrator /passwordO:*

    For further details please refer to below Microsoft Official Documentation:

    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-forest-recovery-reset-trust

    To help other customers who may be facing the same issue, please don't forget to vote if the reply is helpful.

    Best regards,

    Jill Zhou
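
The order of checks this thread points to (DNS resolution of the child domain first, the trust itself second), as an added PowerShell example that is not part of any answer above. The domain names and the IP address are constructed placeholders, and the probed ports (389, 88, 445) are an assumption about which DC services to test.

```powershell
# Added example, not from the thread. Read-only checks, run on a DC in the parent domain.
param(
    [string]$ParentDomain = 'corp.example',        # constructed placeholder
    [string]$ChildDomain  = 'child.corp.example',  # constructed placeholder
    [string]$ChildDnsIp   = '192.0.2.10'           # constructed: DNS server (DC) in the child domain
)

$srv = "_ldap._tcp.dc._msdcs.$ChildDomain"   # SRV record the DC locator queries

# Same query twice: through this machine's configured resolver, then straight at the child DNS server.
$local  = @(Resolve-DnsName -Name $srv -Type SRV -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'SRV' })
$direct = @(Resolve-DnsName -Name $srv -Type SRV -Server $ChildDnsIp -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'SRV' })

if (-not $direct) {
    Write-Warning "No SRV answer from $ChildDnsIp. Check reachability on port 53 and the child zone itself."
} elseif (-not $local) {
    Write-Warning "The child DNS server answers directly, but the local resolver does not. Fix the delegation, conditional forwarder or secondary zone for $ChildDomain first."
}

# Port reachability for every DC the child zone advertises (LDAP, Kerberos, SMB).
$targets = @($direct | ForEach-Object NameTarget | Sort-Object -Unique)
$ports = foreach ($dc in $targets) {
    foreach ($p in 389, 88, 445) {
        $r = Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{ DC = $dc; Port = $p; Open = $r.TcpTestSucceeded }
    }
}
$ports | Format-Table -AutoSize

# The trust state is only meaningful once name resolution and connectivity are healthy.
if ($local -and -not ($ports | Where-Object { -not $_.Open })) {
    nltest "/dsgetdc:$ChildDomain"
    netdom trust $ParentDomain "/domain:$ChildDomain" /verify
    if ($LASTEXITCODE -ne 0) {
        Write-Warning 'Trust verification failed although DNS and ports look healthy.'
    }
} else {
    Write-Warning 'Skipping trust verification until DNS and connectivity checks pass.'
}
```

A direct answer from the child DNS server combined with no answer from the local resolver points at the forwarding or zone configuration on the parent side rather than at the trust.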