Forest.GetSelectiveAuthenticationStatus Method (String)

 
System_CAPS_noteNote

The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience.

Gets a Boolean value that indicates whether selective authentication is enabled on the inbound trust relationship with the specified forest. true if selective authentication is enabled; otherwise, false. For more information, see the Remarks section.

Namespace:   System.DirectoryServices.ActiveDirectory
Assembly:  System.DirectoryServices (in System.DirectoryServices.dll)

public bool GetSelectiveAuthenticationStatus(
	string targetForestName
)

Parameters

targetForestName
Type: System.String

The DNS name of the Forest with which the inbound trust relationship exists.

Return Value

Type: System.Boolean

true if selective authentication is enabled; otherwise, false.

Exception Condition
ActiveDirectoryObjectNotFoundException

There is no trust relationship with the Forest that is specified by targetForestName.

ActiveDirectoryOperationException

The call to LsaQueryTrustedDomainInfoByName failed. For more information, see the topic LsaQueryTrustedDomainInfoByName in the MSDN Library at http://msdn.microsoft.com/library.

ActiveDirectoryServerDownException

The target server is either busy or unavailable.

ArgumentException

targetForestName is an empty string.

ArgumentNullException

targetForestName is null.

ObjectDisposedException

The current object has been disposed.

UnauthorizedAccessException

The specified account does not have permission to perform this operation.

For a forest trust, if you opt for selective authentication, permissions must be manually enabled on each domain and resource in the local forest to which you want users in the other forest to have access.

When a user authenticates across a trust for which selective authentication is enabled, an Other Organization security ID (SID) is added to the user's authorization data. The presence of this SID prompts a check on the resource domain to ensure that the user is allowed to authenticate to the particular service. After the user is authenticated, the server that authenticates the user adds the This Organization SID if the Other Organization SID is not already present. Only one of these special SIDs can be present in an authenticated user's context.

.NET Framework
Available since 2.0
Return to top
Show: