Forest.SetSidFilteringStatus(String, Boolean) 方法
定义
对指定林设置 SID 筛选状态。Sets the SID filtering state with the specified forest.
public:
void SetSidFilteringStatus(System::String ^ targetForestName, bool enable);
public void SetSidFilteringStatus (string targetForestName, bool enable);
member this.SetSidFilteringStatus : string * bool -> unit
Public Sub SetSidFilteringStatus (targetForestName As String, enable As Boolean)
参数
- targetForestName
- String
与其存在信任关系的 Forest 对象的 DNS 名称。The DNS name of the Forest object with which the trust relationship exists.
- enable
- Boolean
如果要启用 SID 筛选,则为 true;否则为 false。true if SID filtering is to be enabled; otherwise, false.
例外
与 targetForestName 指定的目录林没有信任关系。There is no trust relationship with the forest that is specified by targetForestName.
调用基础目录服务导致错误。A call to the underlying directory service resulted in an error.
目标服务器忙或不可用。The target server is either busy or unavailable.
targetForestName 是一个空字符串。targetForestName is an empty string.
targetForestName 为 null。targetForestName is null.
当前对象已被释放。The current object has been disposed.
注解
默认情况下,Windows Server 2003 中的新的外部和林信任 Active Directory 域服务强制执行 SID 筛选。By default, new external and forest trusts in Windows Server 2003 Active Directory Domain Services enforce SID filtering. SID 筛选用于防止恶意用户攻击,这些用户可能会尝试将提升的用户权限授予其他用户帐户。SID filtering is used to prevent attacks from malicious users who might try to grant elevated user rights to another user account. 在林信任上强制执行 SID 筛选不会阻止迁移到同一个林中的域使用 SID 历史记录,也不会影响通用组访问控制策略。Enforcing SID filtering on forest trusts does not prevent migrations to domains within the same forest from using SID history and will not affect your universal group access control strategy.