Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Forest.SetSidFilteringStatus Method

Sets the SID filtering state with the specified forest.

Namespace: System.DirectoryServices.ActiveDirectory
Assembly: System.DirectoryServices (in system.directoryservices.dll)

public void SetSidFilteringStatus (
	string targetForestName,
	bool enable
public void SetSidFilteringStatus (
	String targetForestName, 
	boolean enable
public function SetSidFilteringStatus (
	targetForestName : String, 
	enable : boolean
Not applicable.



The DNS name of the Forest object with which the trust relationship exists.


true if SID filtering is to be enabled; otherwise, false.

Exception typeCondition


There is no trust relationship with the forest that is specified by targetForestName.


A call to the underlying directory service resulted in an error.


The target server is either busy or unavailable.


targetForestName is an empty string.


targetForestName is a null reference (Nothing in Visual Basic).


The current object has been disposed.

By default, new external and forest trusts in Windows Server 2003 Active Directory enforce SID filtering. SID filtering is used to prevent attacks from malicious users who might try to grant elevated user rights to another user account. Enforcing SID filtering on forest trusts does not prevent migrations to domains within the same forest from using SID history and will not affect your universal group access control strategy.

Windows 98, Windows Server 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0

Community Additions

© 2015 Microsoft