Windows Server 2012r2: AD Trusts and Name Suffix Routing exclusions and conundrum

Question

Hi,

I have few questions concerning so called Name Suffix Routing in WS 2012r2.

1)Is this true that NSR is only for forest trust, not for other?
2)While establishing forest trust between 2 domains, NSR is enabled automatically- true or not?
3)So when is appropriate to use "exclusions"?

The info on this is scarce. Thanks for you insight and sharing some experience here!

Answer 1

Is this true that NSR is only for forest trust, not for other?

yes, NSR applicable to forest trusts only.

While establishing forest trust between 2 domains, NSR is enabled automatically- true or not?

all unique (top-level) siffix routing is enabled automatically upon establishing forest trust

So when is appropriate to use "exclusions"?

when you want to exclude certain suffixes from routing. Forest trust implies transitive trust between all domains in two forests. You can exclude particular domain UPN suffix from routing. In suffix is excluded then authentication requests are not routed to originating forest, thus preventing authentication using originating forest account.

Answer 2

Hi,

Thank you for posting in our forum.

I also agree with Crypt32's point of view, and at the same time I found some information to give you some supplementary materials. Hope this information can help you

reference：https://www.pearsonitcertification.com/articles/article.aspx?p=170286&seqNum=2

Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.
Best wishes
Vicky