I am not sure I really understand how the domain is setup. Trusts are not required between domains in the same forest. You can remove default rights to the domain but forest admin will still be able to access either if needed. That ID can can go reclaim rights taken from it. Trusts are established between separate forests in the NT4 sense of concept.
Generally speaking, I would suggest that start with general troubleshooting procedures for AD. First, verify that DNS is setup properly. Make sure it allows for dynamic updates and since your running an AD, integrate all critical zones into it. Just because you have a child domain entry in your DNS does not mean that you have performed a DCPROMO of your child domain. Was this actually ever done? If so, you should have an entry in your DNS forward zone, in the _msdcs section off the root of your primary zone. You should also have a DC entry in the _msdcs section of your child domain. There should also be a full compliment of global catalog, sites and services etc entries on EACH domain. So in other words you should see child domain entries in the DNS at both domain.com and child.domain.com.
domain.com
_msdcs
_gc
child
_msdcs
_gc
It really sounds to me like whoever set the domain up may not really understand the concept of a "child domain" from every aspect. I could be totally wrong here, but it will cost you for me to be sure. Since this is what I do for a living, I dont mind sharing and helping, but firm analysis on site would incur fees.
Hope this helps.
deg
