Use of Forest.GetCurrentForest in RODC environment

Question

I've got a problem with using Forest.GetCurrentForest() method when communicating with a Read-only domain controller.

The exception thrown is:

System.DirectoryServices.ActiveDirectory.ActiveDirectoryServerDownException: The server is not operational.

Note: Everything works fine when communicating with a RWDC.

Previously, to fix other issues when communicating with a RODC, we had to modify the way we created DirectoryEntry objects, making use of the AuthenticationType.ReadOnlyServer flag. However I've seen (using reflector) that the GetCurrentForest() method creates its own DirectoryEntry object using a Utils class, which in turn uses a DefaultAuthType.

So, my question is: Does anyone know how to set/modify the DefaultAuthType so that it can return the required authentication type? Is there a better way to do this? The aim of this piece of code is simply to get the list of available domains visible to the server.

Thanks,

Ben

score 0 · Answer 1 · edited Sep 02 '15 at 10:36

0

What I do to "overcome" this issue was, I first try to get the Forest.GetCurrentForest(), and if exception thrown, I then use Domain.GetComputerDomain() for last solution, of cause, the list now only contain the domain that the web server joined.

edited Sep 02 '15 at 10:36

Max

1,810
3
26
37

answered Sep 02 '15 at 09:57

EH Ong

66
3

score 0 · Accepted Answer · answered Feb 24 '12 at 08:59

0

Well, doesn't seem like there's an easy answer to this. In the end we rewrote the code to not use the Domain/Forest objects...

answered Feb 24 '12 at 08:59

Ben Cawley

1,606
17
29

Use of Forest.GetCurrentForest in RODC environment

2 Answers2