5.1 Security Considerations for Implementers
Information returned by this protocol can reveal more than is appropriate for anonymous users, thus resulting in an information leak. An anonymous user can access DsRolerGetPrimaryDomainInformation on a domain controller but not on a computer that is not running a domain controller. Implementers therefore need to determine whether to allow access to anonymous users.