0XC000019B

STATUS_DOMAIN_TRUST_INCONSISTENT 0XC000019B Fix

Cybersecurity & Malware Intermediate 👁 1 views 📅 May 27, 2026

The domain trust is busted — mismatched SID or name in Active Directory. Fix it by resetting the trust relationship or removing and recreating it.

Quick answer

Run netdom trust /d: /reset /passwordt: on both sides, then verify with nltest /domain_trusts. If that fails, delete and recreate the trust.

What's happening here

This error means the SID (security identifier) or the NetBIOS/DNS name stored in one domain's trust object doesn't match what the other domain has. It's basically a broken handshake. I've seen this most often after someone restored a domain controller from backup without re-establishing trusts, or after a domain rename gone sideways. The exact error text is: "The name or SID of the specified domain is inconsistent with the trust information for that domain."

Don't bother checking DNS first — that's rarely the culprit unless you're also seeing name resolution failures. The issue is almost always in the trust object itself.

Fix steps

  1. Verify the trust exists and its type — On a domain controller in the trusting domain, open Active Directory Domains and Trusts. Right-click the domain, go to Properties, then the Trusts tab. Check the trust type (should be External, Forest, or Realm). Note the direction.
  2. Test basic connectivity — Run nltest /dsgetdc: from a DC in the trusting domain. If that fails, you've got a network or DNS problem first. Don't proceed until this works.
  3. Reset the trust password — On a DC in the trusting domain, open an elevated command prompt. Run:
    netdom trust /d: /reset /passwordt:YourP@ssw0rd
    Replace YourP@ssw0rd with something strong. Then on a DC in the trusted domain, run the same command but with the domains swapped:
    netdom trust /d: /reset /passwordt:YourP@ssw0rd
  4. Validate the trust — Back in Active Directory Domains and Trusts, right-click the trust and choose Validate. It should say "This trust relationship is active and valid." If it doesn't, move to the alternative fix.

Alternative fixes if the main one fails

If the reset didn't work, the trust object is too corrupted. Here's the nuclear option:

  1. On both sides, remove the trust. In Active Directory Domains and Trusts, right-click the trust, remove it. Confirm on both sides.
  2. Delete any leftover trust objects — sometimes they linger in the System container. Use ADSI Edit and go to CN=System,CN=Microsoft,CN=Trust Relationship. Delete any stale objects.
  3. Recreate the trust fresh. Use the New Trust Wizard. Choose the correct direction and type. Use a strong password.
  4. Validate again.

One more thing I've seen: if you're dealing with a forest trust, check that UPN suffixes match. Run netdom trust /d: /verify from both sides. If it says "The trust password is not synchronized," you need to reset it again with the same password on both sides — sometimes it takes two tries.

Prevention tip

Never restore a domain controller from backup without checking trust integrity. Use repadmin /showtrust regularly to monitor trust relationships. Keep a documented password for each trust in your password manager. And for God's sake, don't rename domains without a solid rollback plan. That's how you end up here at 3 AM.

Was this solution helpful?

STATUS_DOMAIN_TRUST_INCONSISTENT 0XC000019B domain trust error SID mismatch trust relationship failed Active Directory trust netdom command reset trust Windows Server domain controller Kerberos error