Forest.SetSidFilteringStatus Method (String, Boolean)

 

Sets the SID filtering state for the trust relationship with the specified forest.

Namespace:   System.DirectoryServices.ActiveDirectory
Assembly:  System.DirectoryServices (in System.DirectoryServices.dll)

public void SetSidFilteringStatus(
	string targetForestName,
	bool enable
)

Parameters

targetForestName
Type: System.String

The DNS name of the Forest object with which the trust relationship exists.

enable
Type: System.Boolean

true if SID filtering is to be enabled; otherwise, false.

Exceptions
ActiveDirectoryObjectNotFoundException

There is no trust relationship with the forest that is specified by targetForestName.

ActiveDirectoryOperationException

A call to the underlying directory service resulted in an error.

ActiveDirectoryServerDownException

The target server is either busy or unavailable.

ArgumentException

targetForestName is an empty string.

ArgumentNullException

targetForestName is null.

ObjectDisposedException

The current object has been disposed.

By default, new external and forest trusts in Windows Server 2003 Active Directory Domain Services enforce SID filtering. SID filtering is used to prevent attacks from malicious users who might try to grant elevated user rights to another user account. Enforcing SID filtering on forest trusts does not prevent migrations to domains within the same forest from using SID history and will not affect your universal group access control strategy.
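The following is an added example, not code from the original page: it audits the SID filtering state of every trust of the current forest and, when asked, re-enables filtering with SetSidFilteringStatus and reads the state back. The class name and the --enforce switch are hypothetical; the code assumes it runs on a domain-joined machine under an account allowed to modify the forest's trusts.

```csharp
using System;
using System.DirectoryServices.ActiveDirectory;

// Added example: report SID filtering per forest trust; with --enforce, turn it back on.
static class SidFilteringAudit
{
    static int Main(string[] args)
    {
        bool enforce = Array.IndexOf(args, "--enforce") >= 0; // hypothetical switch
        int problems = 0;

        using (Forest forest = Forest.GetCurrentForest())
        {
            foreach (TrustRelationshipInformation trust in forest.GetAllTrustRelationships())
            {
                string target = trust.TargetName;
                try
                {
                    bool filtered = forest.GetSidFilteringStatus(target);
                    Console.WriteLine("{0} -> {1} ({2}): SID filtering {3}",
                        trust.SourceName, target, trust.TrustDirection,
                        filtered ? "enabled" : "DISABLED");

                    if (filtered) continue;
                    if (enforce)
                    {
                        forest.SetSidFilteringStatus(target, true);
                        // Read the state back instead of assuming the write took effect.
                        filtered = forest.GetSidFilteringStatus(target);
                        Console.WriteLine("  re-enabled: {0}", filtered);
                    }
                    if (!filtered) problems++;
                }
                catch (ActiveDirectoryObjectNotFoundException)
                {
                    // The trust was removed between enumeration and the call.
                    Console.Error.WriteLine("  no trust with {0}", target);
                    problems++;
                }
                catch (ActiveDirectoryServerDownException ex)
                {
                    Console.Error.WriteLine("  server unavailable: {0}", ex.Message);
                    problems++;
                }
                catch (ActiveDirectoryOperationException ex)
                {
                    Console.Error.WriteLine("  directory error: {0}", ex.Message);
                    problems++;
                }
            }
        }
        // Non-zero exit when any trust is unfiltered or could not be checked.
        return problems == 0 ? 0 : 1;
    }
}
```

Run without --enforce, the program only reports, so it can serve as a scheduled check that flags a trust on which filtering has been turned off.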

.NET Framework
Available since 2.0