Forest.SetSidFilteringStatus(String, Boolean) Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Sets the SID filtering state with the specified forest.
public:
void SetSidFilteringStatus(System::String ^ targetForestName, bool enable);
public void SetSidFilteringStatus (string targetForestName, bool enable);
member this.SetSidFilteringStatus : string * bool -> unit
Public Sub SetSidFilteringStatus (targetForestName As String, enable As Boolean)
Parameters
- enable
- Boolean
true
if SID filtering is to be enabled; otherwise, false
.
Exceptions
There is no trust relationship with the forest that is specified by targetForestName
.
A call to the underlying directory service resulted in an error.
The target server is either busy or unavailable.
targetForestName
is an empty string.
targetForestName
is null
.
The current object has been disposed.
Remarks
By default, new external and forest trusts in Windows Server 2003 Active Directory Domain Services enforce SID filtering. SID filtering is used to prevent attacks from malicious users who might try to grant elevated user rights to another user account. Enforcing SID filtering on forest trusts does not prevent migrations to domains within the same forest from using SID history and will not affect your universal group access control strategy.
Applies to
See also
.NET