Windows Server 2012r2: AD Trusts and Name Suffix Routing exclusions and conundrum

InfoTechdude 161 Reputation points
2021-01-08T15:22:14.173+00:00

Hi,

I have few questions concerning so called Name Suffix Routing in WS 2012r2.

54903-namesuffixrouting.jpg

1)Is this true that NSR is only for forest trust, not for other?
2)While establishing forest trust between 2 domains, NSR is enabled automatically- true or not?
3)So when is appropriate to use "exclusions"?

The info on this is scarce. Thanks for you insight and sharing some experience here!

Windows for business | Windows Server | User experience | Other
Windows for business | Windows Server | Devices and deployment | Configure application groups
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Vadims Podāns 9,186 Reputation points MVP
    2021-01-09T08:37:59.64+00:00

    Is this true that NSR is only for forest trust, not for other?

    yes, NSR applicable to forest trusts only.

    While establishing forest trust between 2 domains, NSR is enabled automatically- true or not?

    all unique (top-level) siffix routing is enabled automatically upon establishing forest trust

    So when is appropriate to use "exclusions"?

    when you want to exclude certain suffixes from routing. Forest trust implies transitive trust between all domains in two forests. You can exclude particular domain UPN suffix from routing. In suffix is excluded then authentication requests are not routed to originating forest, thus preventing authentication using originating forest account.


  2. Vicky Wang 2,741 Reputation points
    2021-01-11T09:28:50.213+00:00

    Hi,

    Thank you for posting in our forum.

    I also agree with Crypt32's point of view, and at the same time I found some information to give you some supplementary materials. Hope this information can help you

    reference:https://www.pearsonitcertification.com/articles/article.aspx?p=170286&seqNum=2

    Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.
    Best wishes
    Vicky

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.