3.4.4.3.3.2.4 ActiveDirectoryDomainController/Forest

The Forest element contains the FQDN (2) of the forest that contains the domain controller.

 <xs:element name="Forest" nillable="true" type="xs:string" />

The Forest element is populated from the crossRef!dnsRoot attribute on the Configuration crossRef object ([MS-ADTS] section 6.1.1.2.1.1.2) in the config NC that meets the following criteria:

• The objectClass attribute of the object is crossRef and the client has access rights to read the attribute.

• The crossRef!Enabled attribute is not present, is not equal to FALSE, or cannot be read due to the client lacking access rights to read the attribute.

If no crossRef object satisfies the above requirements, the server returns the SOAP fault described in section 3.4.4.3.8.1. If the crossRef!dnsRoot attribute has multiple values, then only one of the values MUST be chosen, but any of the values MAY be chosen<47> to populate the element. If crossRef!dnsRoot is not present or cannot be read due to the client lacking access rights to read the attribute, the server returns a null ActiveDirectoryDomainController/Forest element.