3.4.4.2.3.2.3 ActiveDirectoryPartition/DNSRoot

The DNSRoot element contains the FQDN (2) of the root domain of the domain tree that contains the domain.

 <xs:element name="DNSRoot" nillable="true" type="xs:string" />

The DNSRoot element is populated from the crossRef!dnsRoot attribute on the domain crossRef object ([MS-ADTS] section 6.1.1.2.1.1.4) that meets the following criteria:

  • The crossRef!ncName attribute is equal to the rootDSE!defaultNamingContext attribute and the client has access rights to read the attributes.

  • The crossRef!systemFlags attribute's FLAG_CR_NTDS_NC and FLAG_CR_NTDS_DOMAIN bits are set to 1 and the client has access rights to read the attribute. See [MS-ADTS] section 6.1.1.2.1.1.

  • The crossRef!Enabled attribute is not present, is not equal to FALSE, or cannot be read due to the client lacking access rights to read the attribute.

If no crossRef objects satisfy the above requirements, the server returns the SOAP fault described in section 3.4.4.2.8.1. If multiple crossRef objects satisfy the above requirements, then only one of the crossRef objects MUST be chosen, but any of the objects MAY be chosen<42> in constructing the response. If the crossRef!dnsRoot attribute on the chosen crossRef object that satisfies the above requirements has multiple values, then only one of the values MUST be chosen, but any of the values MAY be chosen<43> to populate the element. If the crossRef!dnsRoot attribute on the chosen crossRef object that satisfies the above requirements is not present or cannot be read due to the client lacking access rights to read the attribute, the server returns a null ActiveDirectoryPartition/DNSRoot element.
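
The selection rules above, as an added Python sketch that is not part of the specification. It shows how the client's read access changes the result: an unreadable ncName or systemFlags disqualifies a crossRef, an unreadable Enabled does not, and an unreadable dnsRoot yields a null element. The dictionary data model, the UNREADABLE sentinel, the exception name, the simplified DN comparison, and the choice of the first match and first value are assumptions; the sample entries are constructed.

```python
# Added illustration; data model and names are assumptions, not protocol text.
FLAG_CR_NTDS_NC = 0x1      # systemFlags bit values from [MS-ADTS]
FLAG_CR_NTDS_DOMAIN = 0x2
UNREADABLE = object()      # attribute present, but the client lacks read access


class NoMatchingCrossRef(Exception):
    """Stands in for the SOAP fault of section 3.4.4.2.8.1."""


def _usable(value):
    return value is not None and value is not UNREADABLE


def qualifies(cr, default_nc):
    nc, flags = cr.get("ncName"), cr.get("systemFlags")
    # ncName and systemFlags must be present and readable by the client.
    if not (_usable(nc) and _usable(flags)):
        return False
    if nc.casefold() != default_nc.casefold():  # simplified DN comparison
        return False
    need = FLAG_CR_NTDS_NC | FLAG_CR_NTDS_DOMAIN
    if flags & need != need:
        return False
    # Enabled passes when absent, unreadable, or any value other than FALSE.
    return cr.get("Enabled") is not False


def dns_root(cross_refs, default_nc):
    matches = [cr for cr in cross_refs if qualifies(cr, default_nc)]
    if not matches:
        raise NoMatchingCrossRef(default_nc)
    values = matches[0].get("dnsRoot")  # any match MAY be chosen; first here
    if not _usable(values) or not values:
        return None                     # serialized as a null DNSRoot element
    return values[0]                    # any value MAY be chosen; first here


NC = "DC=corp,DC=example,DC=com"  # constructed sample naming context
SAMPLE = [
    # Not a domain NC: FLAG_CR_NTDS_DOMAIN is clear.
    {"ncName": "CN=Configuration," + NC, "systemFlags": 0x1,
     "dnsRoot": ["corp.example.com"]},
    # Explicitly disabled crossRef: rejected by the third criterion.
    {"ncName": NC, "systemFlags": 0x3, "Enabled": False,
     "dnsRoot": ["stale.example.com"]},
    # Enabled cannot be read by the client: still qualifies.
    {"ncName": NC, "systemFlags": 0x3, "Enabled": UNREADABLE,
     "dnsRoot": ["corp.example.com", "alt.example.com"]},
]
```
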