Modifying Name Suffix Routing Settings

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Name suffix routing is a mechanism that is used to manage how authentication requests are routed across Windows Server 2003 forests that are joined by forest trusts. To simplify the administration of authentication requests, when a forest trust is created, all unique name suffixes are routed by default. A unique name suffix is a name suffix within a forest, such as a user principal name (UPN) suffix, service principal name (SPN) suffix, or Domain Name System (DNS) forest or domain tree name that is not subordinate to any other name suffix. For example, the DNS forest name fabrikam.com is a unique name suffix within the fabrikam.com forest. For more information about name suffix routing, see Routing name suffixes across forests on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=35414).

Note

You cannot enable a name suffix that is in conflict. If the conflict is with a local UPN name suffix, you must remove the local UPN name suffix before you can enable the routing name. If the conflict is with a name that is claimed by another trust partner, you must disable the name in the other trust before it can be enabled for this trust.

Task requirements

You can use either of the following tools to perform the procedures for this task:

  • Active Directory Domains and Trusts

  • Netdom.exe

For more information about how to use the Netdom command-line tool to create a realm trust, see "Netdom.exe: Windows Domain Manager" in the Windows Server 2003 Technical Reference on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=41700).

To complete this task, perform any of the following procedures: