Forest.GetSelectiveAuthenticationStatus(String) Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Gets a Boolean value that indicates whether selective authentication is enabled on the inbound trust relationship with the specified forest. true if selective authentication is enabled; otherwise, false.
public:
bool GetSelectiveAuthenticationStatus(System::String ^ targetForestName);
public bool GetSelectiveAuthenticationStatus (string targetForestName);
member this.GetSelectiveAuthenticationStatus : string -> bool
Public Function GetSelectiveAuthenticationStatus (targetForestName As String) As Boolean
Parameters
- targetForestName (String): The DNS name of the Forest with which the inbound trust relationship exists.
Returns
true if selective authentication is enabled; otherwise, false.
Exceptions
There is no trust relationship with the Forest that is specified by targetForestName.
The call to LsaQueryTrustedDomainInfoByName failed. For more information, see LsaQueryTrustedDomainInfoByName.
The target server is either busy or unavailable.
targetForestName is an empty string.
targetForestName is null.
The current object has been disposed.
The specified account does not have permission to perform this operation.
Remarks
For a forest trust, if you opt for selective authentication, permissions must be manually enabled on each domain and resource in the local forest to which you want users in the other forest to have access.
When a user authenticates across a trust for which selective authentication is enabled, an Other Organization security ID (SID) is added to the user's authorization data. The presence of this SID prompts a check on the resource domain to ensure that the user is allowed to authenticate to the particular service. After the user is authenticated, the server that authenticates the user adds the This Organization SID if the Other Organization SID is not already present. Only one of these special SIDs can be present in an authenticated user's context.
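The following is an added example, not part of the original reference page: a small audit that enumerates the current forest's trust relationships and reports which ones do not have selective authentication enabled, handling the failure cases listed under Exceptions. It assumes a domain-joined Windows host and an account allowed to read trust information; the class name and the exit-code convention are choices made for this example.

```csharp
using System;
using System.DirectoryServices.ActiveDirectory;

// Example audit (not Microsoft sample code): flags forest trusts that
// rely on forest-wide authentication instead of selective authentication.
static class SelectiveAuthAudit
{
    // Exit code convention (assumption of this example):
    // 0 = every trust uses selective authentication,
    // 1 = at least one trust does not,
    // 2 = at least one trust could not be queried.
    static int Main()
    {
        int notSelective = 0, failed = 0;

        using (Forest local = Forest.GetCurrentForest())
        {
            foreach (TrustRelationshipInformation trust in local.GetAllTrustRelationships())
            {
                try
                {
                    // TargetName is the DNS name of the other forest.
                    bool selective = local.GetSelectiveAuthenticationStatus(trust.TargetName);
                    if (!selective) notSelective++;

                    Console.WriteLine("{0} -> {1} ({2}): selective authentication {3}",
                        trust.SourceName, trust.TargetName, trust.TrustDirection,
                        selective ? "enabled" : "NOT enabled");
                }
                catch (Exception ex) when (
                    ex is ActiveDirectoryObjectNotFoundException || // trust no longer exists
                    ex is ActiveDirectoryOperationException ||      // LSA query failed
                    ex is ActiveDirectoryServerDownException ||     // server busy or unavailable
                    ex is UnauthorizedAccessException)              // insufficient permission
                {
                    // An unreadable trust is reported, never counted as compliant.
                    failed++;
                    Console.Error.WriteLine("{0}: could not query ({1}: {2})",
                        trust.TargetName, ex.GetType().Name, ex.Message);
                }
            }
        }

        if (failed > 0) return 2;
        return notSelective > 0 ? 1 : 0;
    }
}
```

A trust reported as "NOT enabled" means users from the other forest are not subject to the per-resource check described above, so each such trust is worth reviewing against the access that forest is meant to have.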