3.4.4.2.3.1.8 ActiveDirectoryDomain/ForeignSecurityPrincipalsContainer

The ForeignSecurityPrincipalsContainer is the distinguished name of the Foreign Security Principals Container ([MS-ADTS] section 6.1.1.4.10) directory object in the domain.

 <xs:element
   name="ForeignSecurityPrincipalsContainer" nillable="true" type="xs:string" />

The ForeignSecurityPrincipalsContainer element is populated from the DN portion ([MS-ADTS] section 6.1.1.4) of one of the values of the multivalued attribute domainDNS!wellKnownObjects on the domain NC root object which meets the following criteria:

  • The binary portion of the value is equal to GUID_FOREIGNSECURITYPRINCIPALS_CONTAINER_W. See [MS-ADTS] section 6.1.1.4.

If multiple values satisfy the above requirements, then only one of the values MUST be chosen, but any of the values MAY be chosen<32> to populate the element. If no values satisfy the above requirements, the server returns a null ActiveDirectoryDomain/ForeignSecurityPrincipalsContainer element. If the domainDNS!wellKnownObjects attribute is not present or cannot be read due to the client lacking access rights to read the attribute, the server returns the SOAP fault as described in section 3.4.4.2.8.1.
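
The selection rule above, sketched in Python as an added example; it is not part of the specification or of any Microsoft implementation. It assumes wellKnownObjects values arrive in their LDAP string form `B:<hex character count>:<hex>:<DN>`. The names `DirectoryFault`, `parse_dn_binary` and `select_fsp_container` are hypothetical, the sample values are constructed, and the GUID constant is the value given in [MS-ADTS] section 6.1.1.4 rather than one printed on this page.

```python
# GUID_FOREIGNSECURITYPRINCIPALS_CONTAINER_W, per [MS-ADTS] section 6.1.1.4
# (supplied for this example; the value is not printed on this page).
FSP_CONTAINER_GUID = bytes.fromhex("22B70C67D56E4EFB91E9300FCA3DC1AA")


class DirectoryFault(Exception):
    """Hypothetical stand-in for the SOAP fault of section 3.4.4.2.8.1."""


def parse_dn_binary(value):
    """Split 'B:<hex char count>:<hex>:<DN>' into (binary bytes, DN string)."""
    parts = value.split(":", 3)  # maxsplit=3: the DN itself may contain ':'
    if len(parts) != 4 or parts[0] != "B":
        raise ValueError(f"not a DN-Binary value: {value!r}")
    _, count, hex_part, dn = parts
    if not count.isdigit() or int(count) != len(hex_part):
        raise ValueError(f"character count does not match binary part: {value!r}")
    return bytes.fromhex(hex_part), dn


def select_fsp_container(well_known_objects):
    """Return the DN for the element, None for a null element, or raise a fault.

    Pass None when the attribute is absent or the caller cannot read it.
    """
    if well_known_objects is None:
        raise DirectoryFault("domainDNS!wellKnownObjects absent or not readable")
    matches = [dn for binary, dn in map(parse_dn_binary, well_known_objects)
               if binary == FSP_CONTAINER_GUID]
    # Any matching value is acceptable; this sketch takes the first.
    return matches[0] if matches else None


# Constructed sample values for a fictional domain example.com.
SAMPLE = [
    "B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=example,DC=com",
    "B:32:22B70C67D56E4EFB91E9300FCA3DC1AA:"
    "CN=ForeignSecurityPrincipals,DC=example,DC=com",
]

if __name__ == "__main__":
    print(select_fsp_container(SAMPLE))
```
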