Forest.SetSidFilteringStatus(String, Boolean) Method

Definition

Sets the SID filtering state for the trust relationship with the specified forest.

public:
 void SetSidFilteringStatus(System::String ^ targetForestName, bool enable);
public void SetSidFilteringStatus (string targetForestName, bool enable);
member this.SetSidFilteringStatus : string * bool -> unit
Public Sub SetSidFilteringStatus (targetForestName As String, enable As Boolean)

Parameters

targetForestName
String

The DNS name of the Forest object with which the trust relationship exists.

enable
Boolean

true if SID filtering is to be enabled; otherwise, false.

Exceptions

There is no trust relationship with the forest that is specified by targetForestName.

A call to the underlying directory service resulted in an error.

The target server is either busy or unavailable.

targetForestName is an empty string.

targetForestName is null.

The current object has been disposed.

Remarks

By default, new external and forest trusts in Windows Server 2003 Active Directory Domain Services enforce SID filtering. SID filtering is used to prevent attacks from malicious users who might try to grant elevated user rights to another user account. Enforcing SID filtering on forest trusts does not prevent migrations to domains within the same forest from using SID history and will not affect your universal group access control strategy.
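The following C# program is an added example, not part of the original reference page. It reports the SID filtering state of each trust of the current forest and, when asked, turns filtering back on with SetSidFilteringStatus. It assumes a domain-joined Windows host, an account allowed to modify the trusts, and a hypothetical "--enforce" switch; the exception types caught are those of System.DirectoryServices.ActiveDirectory, matched to the conditions listed under Exceptions.

```csharp
using System;
using System.DirectoryServices.ActiveDirectory;
// Added example. The "--enforce" switch is hypothetical; without it the
// program only reports and changes nothing.
class SidFilteringAudit
{
    static int Main(string[] args)
    {
        bool enforce = Array.IndexOf(args, "--enforce") >= 0;
        int notConfirmed = 0;
        using (Forest forest = Forest.GetCurrentForest())
        {
            foreach (TrustRelationshipInformation trust in forest.GetAllTrustRelationships())
            {
                string target = trust.TargetName;
                bool enabled = false;
                try
                {
                    enabled = forest.GetSidFilteringStatus(target);
                    Console.WriteLine("{0} ({1}): SID filtering {2}",
                        target, trust.TrustDirection, enabled ? "enabled" : "DISABLED");
                    if (!enabled && enforce)
                    {
                        forest.SetSidFilteringStatus(target, true);
                        // Read the state back instead of assuming the write took effect.
                        enabled = forest.GetSidFilteringStatus(target);
                        Console.WriteLine("  after enforce: {0}", enabled ? "enabled" : "DISABLED");
                    }
                }
                catch (ActiveDirectoryObjectNotFoundException)
                {
                    Console.Error.WriteLine("{0}: no forest trust with this name", target);
                }
                catch (ActiveDirectoryServerDownException ex)
                {
                    Console.Error.WriteLine("{0}: server busy or unavailable: {1}", target, ex.Message);
                }
                catch (ActiveDirectoryOperationException ex)
                {
                    Console.Error.WriteLine("{0}: directory service error: {1}", target, ex.Message);
                }
                // Errors leave 'enabled' false, so an unknown state is never counted as clean.
                if (!enabled) notConfirmed++;
            }
        }
        // Non-zero exit code when any trust could not be confirmed as filtered.
        return notConfirmed == 0 ? 0 : 1;
    }
}
```

Run it without the switch first to see which trusts are unfiltered before changing any of them.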
