This topic has not yet been rated - Rate this topic

Forest.GetSelectiveAuthenticationStatus Method

Gets a Boolean value that indicates whether selective authentication is enabled on the inbound trust relationship with the specified forest. true if selective authentication is enabled; otherwise, false. For more information, see the Remarks section.

Namespace:  System.DirectoryServices.ActiveDirectory
Assembly:  System.DirectoryServices (in System.DirectoryServices.dll)
public bool GetSelectiveAuthenticationStatus(
	string targetForestName


Type: System.String

The DNS name of the Forest with which the inbound trust relationship exists.

Return Value

Type: System.Boolean
true if selective authentication is enabled; otherwise, false.

There is no trust relationship with the Forest that is specified by targetForestName.


The call to LsaQueryTrustedDomainInfoByName failed. For more information, see the topic LsaQueryTrustedDomainInfoByName in the MSDN Library at


The target server is either busy or unavailable.


targetForestName is an empty string.


targetForestName is null.


The current object has been disposed.


The specified account does not have permission to perform this operation.

For a forest trust, if you opt for selective authentication, permissions must be manually enabled on each domain and resource in the local forest to which you want users in the other forest to have access.

When a user authenticates across a trust for which selective authentication is enabled, an Other Organization security ID (SID) is added to the user's authorization data. The presence of this SID prompts a check on the resource domain to ensure that the user is allowed to authenticate to the particular service. After the user is authenticated, the server that authenticates the user adds the This Organization SID if the Other Organization SID is not already present. Only one of these special SIDs can be present in an authenticated user's context.

.NET Framework

Supported in: 4.5.1, 4.5, 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows Phone 8.1, Windows Phone 8, Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft. All rights reserved.