3.4.4.2.3.1.14 ActiveDirectoryDomain/ParentDomain

The ParentDomain element contains the FQDN (2) of the parent domain for this domain, if any.

 <xs:element name="ParentDomain" nillable="true" type="xs:string" />

The ParentDomain element is populated from crossRef!dnsRoot attribute on domain crossRef object ([MS-ADTS] section 6.1.1.2.1.1.4) that meets the following criteria.

• The crossRef!ncName attribute is equal to the crossRef!trustParent attribute on the domain NC's crossRef object and the client has access rights to read the attributes.

• The crossRef!systemFlags attribute's FLAG_CR_NTDS_NC and FLAG_CR_NTDS_DOMAIN bits are set to 1 and the client has access rights to read the attribute. See [MS-ADTS] section 6.1.1.2.1.1.

• The crossRef!dnsRoot attribute is present and the client has access rights to read the attribute.

• The crossRef!Enabled attribute is not present, is not equal to FALSE, or cannot be read due to the client lacking access rights to read the attribute.

If no crossRef objects satisfy the above requirements, the server returns a null ActiveDirectoryDomain/ParentDomain element. If multiple crossRef objects satisfy the above requirements, then only one of the crossRef object MUST be chosen, but any of the objects MAY be chosen<37>  in constructing the response. If the crossRef!dnsRoot attribute on the chosen crossRef object satisfying the above requirements has multiple values, then only one of the values MUST be chosen, but any of the values MAY be chosen<38> to populate the element.