Domain trust between two different domains with same alias name

Arunkumar K 0 Reputation points
2023-12-14T12:49:32.91+00:00

There are two domains domaina.local and domainb.local but the domain alias name for both domain is testabc.

Now wanted to create a trust between these tow domains.

Need your valuable suggestion whether this is feasible or not.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Active Directory Federation Services
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Thameur-BOURBITA 36,261 Reputation points Moderator
    2023-12-14T13:41:02.95+00:00

    Hi @Arunkumar K

    It's not recommended because the kerberos authentication cross forest will failed because due a conflict on name suffix routing applied on the forest trust.

    Name Suffixes Routing controls routing of authentication traffic. When an user account attempts to authenticate using kerberos protocol on a service installed in other trusted forest, the Name Suffix Route applied on the forest trust is used to direct authentication requests to the trusted forest in order to establich kerberos authentification.

    FIGURE 1-14

    Name Suffix Routing

    I recommend you to avoid to use the same DNS suffix between two trusted forests.


    Please don't forget to accept helpful answer


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.