SetSidFilteringStatus Method

Forest.SetSidFilteringStatus Method

Sets the SID filtering state with the specified forest.

Namespace:  System.DirectoryServices.ActiveDirectory
Assembly:  System.DirectoryServices (in System.DirectoryServices.dll)

public void SetSidFilteringStatus(
	string targetForestName,
	bool enable
)

targetForestName
Type: System.String
The DNS name of the Forest object with which the trust relationship exists.

enable
Type: System.Boolean
true if SID filtering is to be enabled; otherwise, false.


There is no trust relationship with the forest that is specified by targetForestName.


A call to the underlying directory service resulted in an error.


The target server is either busy or unavailable.


targetForestName is an empty string.


targetForestName is null.


The current object has been disposed.

By default, new external and forest trusts in Windows Server 2003 Active Directory Domain Services enforce SID filtering. SID filtering is used to prevent attacks from malicious users who might try to grant elevated user rights to another user account. Enforcing SID filtering on forest trusts does not prevent migrations to domains within the same forest from using SID history and will not affect your universal group access control strategy.
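Added example (not part of the original page or of Microsoft's sample code): a C# audit that walks the current forest's trusts, reports the SID filtering state of each one with Forest.GetSidFilteringStatus, and turns filtering back on with SetSidFilteringStatus only when asked to. The class name and the --enforce switch are assumptions made for illustration, and the account running it needs rights to read (and, with --enforce, modify) the trust objects.

```csharp
using System;
using System.DirectoryServices.ActiveDirectory;

// Hypothetical audit tool: exit code 0 means every outbound forest trust
// was confirmed to have SID filtering enabled, 1 means at least one was not.
static class SidFilteringAudit
{
    static int Main(string[] args)
    {
        bool enforce = Array.IndexOf(args, "--enforce") >= 0; // hypothetical switch
        int unverified = 0;

        using (Forest forest = Forest.GetCurrentForest())
        {
            foreach (TrustRelationshipInformation trust in forest.GetAllTrustRelationships())
            {
                // SID filtering is applied by the trusting side, so
                // inbound-only trusts are skipped here.
                if (trust.TrustDirection == TrustDirection.Inbound) continue;
                try
                {
                    bool enabled = forest.GetSidFilteringStatus(trust.TargetName);
                    if (!enabled && enforce)
                    {
                        forest.SetSidFilteringStatus(trust.TargetName, true);
                        // Read the state back instead of assuming the write took effect.
                        enabled = forest.GetSidFilteringStatus(trust.TargetName);
                    }
                    Console.WriteLine("{0} -> {1} ({2}): SID filtering {3}",
                        trust.SourceName, trust.TargetName, trust.TrustDirection,
                        enabled ? "enabled" : "DISABLED");
                    if (!enabled) unverified++;
                }
                catch (ActiveDirectoryObjectNotFoundException)
                {
                    // The trust disappeared between enumeration and the call.
                    Console.WriteLine("{0}: trust no longer exists", trust.TargetName);
                }
                catch (Exception ex) when (ex is ActiveDirectoryServerDownException
                                        || ex is ActiveDirectoryOperationException)
                {
                    // State could not be confirmed, so count it as a finding.
                    Console.WriteLine("{0}: check failed: {1}", trust.TargetName, ex.Message);
                    unverified++;
                }
            }
        }
        return unverified == 0 ? 0 : 1;
    }
}
```

Run without arguments it only reports, which makes it suitable for a scheduled check that alerts on a non-zero exit code.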

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

© 2016 Microsoft