Enable or disable an existing name suffix for routing
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can use this procedure to prevent authentication requests for specific name suffixes from being routed to a forest, or you can use this procedure to allow authentication requests for specific name suffixes to be routed to a forest. You can enable or disable an existing name suffix for routing by using the New Trust Wizard in Active Directory Domains and Trusts or by using the Netdom command-line tool. For more information about how to use the Netdom command-line tool to modify name suffix routing settings, see "Netdom.exe: Windows Domain Manager" in the Windows Server 2003 Technical Reference on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=41700).
Note
When you disable a name suffix, all children of that Domain Name System (DNS) name will also be disabled.
Administrative credentials
To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory.
To enable or disable an existing name suffix for routing
Using the Windows interface
Open Active Directory Domains and Trusts.
In the console tree, right-click the domain that you want to administer, and then click Properties.
On the Trusts tab, under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), click the forest trust that you want to administer, and then click Properties.
Click the Name Suffix Routing tab, and then, under Name suffixes in the x.x forest, do one of the following:
To enable a name suffix, click the suffix that you want to enable, and then click Enable. If the Enable button is unavailable, the name suffix is already enabled.
To disable a name suffix, click the suffix that you want to disable, and then click Disable. If the Disable button is unavailable, the name suffix is already disabled.