Forum Discussion

aweti's avatar
aweti
Copper Contributor
Dec 05, 2024

Domain Trusts

I am currently testing Windows Server 2025 before rolling any upgrades out to our customer base. We have trusts configured between two remote forests where one of the domains is a subdomain of the other. Because of this we have to use Name Suffix Routing Exclusions to prevent AD attempting to route the subdomain through the parent. However, every time the 2025 domain controllers are rebooted the exclusions are being wiped. Is this a known bug in 2025?

Active Directory
Windows Server
  • kyazaferr's avatar
    kyazaferr
    Iron Contributor
    Dec 09, 2024

    1. Known Issues and Updates

    • Check for Known Issues:
      • Review the release notes or known issues documentation for Windows Server 2025 from Microsoft's official channels. Such information is typically provided in their Insider Program forums or support portals.
    • Install Updates:
      • Ensure that you have installed the latest updates or cumulative patches for Windows Server 2025, as early builds often contain bugs that are addressed in later updates.

    2. Troubleshooting Steps

    Validate Configuration Persistence

    • After configuring the Name Suffix Routing Exclusions, verify that the changes are stored correctly in the AD configuration partition:
      • Run repadmin /showattr on the trust object to confirm the exclusions.
      • Use ADSI Edit to navigate to the trust settings and verify that the exclusion attributes are saved.

    Event Logs

    • Check the Directory Services Logs in Event Viewer for any errors related to the trust configuration or replication.
    • Look for events specifically around startup or trust-related operations that might indicate why the exclusions are not persisting.

    Check Group Policy Conflicts

    • Ensure that no Group Policy settings or scripts are overwriting or removing the trust configurations.
    • Review startup scripts or administrative templates applied to the domain controllers.

    3. Workaround to Restore Exclusions

    If the issue persists, consider creating a script to reapply the exclusions automatically on reboot:

    1. Use PowerShell to configure exclusions:
    2. Set-ADReplicationSiteLink -Identity "TrustLinkName" -NameSuffixRoutingEnabled $false
    3. Automate the script to run as a startup task or through Scheduled Tasks.

    4. Escalation

    • If this is confirmed to be a bug, report it through:
      • The Windows Insider Program feedback hub.
      • Your Microsoft Support channel if you have a contract.

    5. Future Preparation

    If the issue is critical and no immediate fix exists, consider delaying upgrades to Windows Server 2025 in production environments until a stable build is released. Continue testing in isolated environments to validate changes.

Resources