Use of Forest.GetCurrentForest in RODC environment


I've got a problem with using Forest.GetCurrentForest() method when communicating with a Read-only domain controller.

The exception thrown is:

System.DirectoryServices.ActiveDirectory.ActiveDirectoryServerDownException: The server is not operational.

Note: Everything works fine when communicating with a RWDC.

Previously, to fix other issues when communicating with a RODC, we had to modify the way we created DirectoryEntry objects, making use of the AuthenticationType.ReadOnlyServer flag. However, I've seen (using Reflector) that the GetCurrentForest() method creates its own DirectoryEntry object using a Utils class, which in turn uses a DefaultAuthType.

So, my question is: Does anyone know how to set/modify the DefaultAuthType so that it can return the required authentication type? Is there a better way to do this? The aim of this piece of code is simply to get the list of available domains visible to the server.

Thanks,

Ben


There are 2 answers

0
Ben Cawley (best answer)

Well, doesn't seem like there's an easy answer to this. In the end we rewrote the code to not use the Domain/Forest objects...

0
EH Ong

What I did to "overcome" this issue was: I first try to get Forest.GetCurrentForest(), and if an exception is thrown, I then use Domain.GetComputerDomain() as a last resort. Of course, the list now only contains the domain that the web server joined.
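
The fallback described in the answer above, written out as an added example (not code from either poster). The names `DomainListResult`, `DomainLister` and `IsPartial` are hypothetical; the result carries a flag so callers can tell a full forest enumeration from the single-domain fallback.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.ActiveDirectory;

// Hypothetical result type: the domain names plus a marker for the fallback path.
public sealed class DomainListResult
{
    public List<string> Domains { get; } = new List<string>();

    // True when only the computer's own domain could be read.
    public bool IsPartial { get; set; }
}

public static class DomainLister
{
    public static DomainListResult GetVisibleDomains()
    {
        var result = new DomainListResult();
        try
        {
            // Works against a writable DC; this is the call that fails in the question.
            using (Forest forest = Forest.GetCurrentForest())
            {
                foreach (Domain domain in forest.Domains)
                {
                    result.Domains.Add(domain.Name);
                }
            }
        }
        catch (ActiveDirectoryServerDownException)
        {
            // "The server is not operational": fall back to the domain this
            // machine is joined to and record that the list is incomplete.
            result.Domains.Clear();
            result.IsPartial = true;
            using (Domain own = Domain.GetComputerDomain())
            {
                result.Domains.Add(own.Name);
            }
        }
        return result;
    }

    public static void Main()
    {
        DomainListResult r = GetVisibleDomains();
        Console.WriteLine(r.IsPartial ? "Computer domain only:" : "Forest domains:");
        r.Domains.ForEach(Console.WriteLine);
    }
}
```

`Domain.GetComputerDomain()` throws `ActiveDirectoryObjectNotFoundException` when the machine's domain cannot be contacted, so a caller that must never fail needs to handle that case as well.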