3.4.4.2.3.1.3 ActiveDirectoryDomain/ChildDomains

  • Article

The ChildDomains element contains an array of FQDNs (2) of the child domains of the domain.

 <xs:element
     name="ChildDomains" nillable="true" type="sera:ArrayOfstring" />

The ChildDomains element is populated from the crossRef!dnsRoot attribute of all crossRef objects ([MS-ADTS] section 6.1.1.2.1.1.4) that meet the following criteria:

  • The crossRef!trustParent attribute is equal to the DN of the domain and the client has access rights to read the attribute.

  • The crossRef!systemFlags attribute's bits FLAG_CR_NTDS_NC and FLAG_CR_NTDS_DOMAIN are set to 1 and the client has access rights to read the attribute. See [MS-ADTS] section 6.1.1.2.1.1.

  • The crossRef!dnsRoot attribute is present, and the client has access rights to read the attribute.

  • The crossRef!Enabled attribute is not present, is not equal to FALSE, or cannot be read due to the client lacking access rights to read the attribute.

If the crossRef!dnsRoot attribute on a crossRef object satisfying the above requirements has multiple values, then only one of the values MUST be chosen, but any of the values MAY be chosen<29>  to populate the element. If no crossRef objects satisfy the above requirements, the server returns a null ActiveDirectoryDomain/ChildDomains element.