Active Directory group name uniqueness requirement (query from C# client)


Our company's C# product uses System.DirectoryServices.AccountManagement to query Active Directory users and groups. We use the following method to get the principal context:

    ...
    PrincipalContext principalContext = new PrincipalContext(ContextType.Domain);
    return principalContext;
    ...

We look up Active Directory groups using (e.g. groupName = "devs"):

    ...
    GroupPrincipal groupPrincipal = GroupPrincipal.FindByIdentity(this.principalContext, groupName);
    ...

Everything works fine in our setup when run on a simple, single-domain Active Directory database.

My question is: what happens when we run this code on a big forest with more than one "devs" group? Can there be more than one "devs" security group in a forest? If so, how do we resolve "devs"? Do we have to switch to using this method:

    public static GroupPrincipal FindByIdentity(
        PrincipalContext context,
        IdentityType identityType,
        string identityValue
    )

I cannot simulate this (lack of resources and lack of time) and have been reading a lot about it. I know there are local, global and universal security groups, spread among domain trees. Domain trees in a forest have some sort of trust among their roots, so they are not ignorant of each other. What is the worst case of having "devs" duplicates in a forest, and how should the application handle it?

It's a pretty common task to search through a domain hierarchy. The AccountManagement classes can do the following:

    // connect to the global catalog of the forest
    var context = new PrincipalContext(ContextType.Domain, "contoso.com:3268", "DC=contoso,DC=com");

    // build a filter principal with the name and context
    var groupFilter = new GroupPrincipal(context) { Name = "devs" };

    // build a searcher with the filter applied
    var searcher = new PrincipalSearcher(groupFilter);

    // should return all groups in subdomains matching the specified name
    var groups = searcher.FindAll().ToList();

    foreach (var group in groups)
    {
        Console.WriteLine(group.DistinguishedName);
    }

You will not have duplicates, because there can't be more than one group with the same name ("devs") in a domain. In AccountManagement terms: you create a GroupPrincipal object with context and name parameters, and you can't have more than one in a context with the same name.

If you connect to a domain controller (new PrincipalContext(ContextType.Domain)), FindByIdentity will search a single domain. If you connect to the global catalog of the forest (like in the example, port 3268), FindByIdentity will search the entire forest. The DistinguishedName property will show which domain a group belongs to.

As for cross-forest access, there you need to connect to the global catalog in every forest separately, because there's no user/group data replication between the global catalogs of different forests.
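As an added example that is not part of the question or the answer above, here is one way to put the pieces together in the product code: query the global catalog of every forest (the port 3268 approach from the answer), collect each group called "devs" by its DistinguishedName, and if more than one turns up, refuse to pick one silently and instead resolve by the stored DN using the three-argument FindByIdentity overload from the question. The forest list, host names and group name are made-up assumptions; the directory calls are the real System.DirectoryServices.AccountManagement API.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

// Added example: look a group up across several forests and disambiguate by DN
// rather than trusting that a name is unique.
public static class ForestGroupLookup
{
    // Constructed assumption: one global-catalog endpoint ("host:3268") per forest.
    // Global catalogs do not replicate across forests, so each is queried separately.
    static readonly string[] ForestGlobalCatalogs =
    {
        "contoso.com:3268",
        "fabrikam.com:3268",
    };

    // One PrincipalContext per forest GC. Contexts are kept alive for the lifetime
    // of the process because the principals returned below refer back to them.
    static readonly List<PrincipalContext> Contexts = ForestGlobalCatalogs
        .Select(gc => new PrincipalContext(ContextType.Domain, gc))
        .ToList();

    // Returns every group whose Name matches, across all configured forests.
    // Name maps to the group's name/cn attribute; use SamAccountName instead if the
    // product keys on pre-Windows 2000 names, which are unique per domain.
    public static List<GroupPrincipal> FindGroupsByName(string groupName)
    {
        var matches = new List<GroupPrincipal>();
        foreach (var context in Contexts)
        {
            var filter = new GroupPrincipal(context) { Name = groupName };
            using (var searcher = new PrincipalSearcher(filter))
            {
                matches.AddRange(searcher.FindAll().OfType<GroupPrincipal>());
            }
        }
        return matches;
    }

    // A distinguished name is unique, so the IdentityType overload yields at most one
    // group per forest; the first forest that knows the DN wins.
    public static GroupPrincipal FindGroupByDn(string distinguishedName)
    {
        foreach (var context in Contexts)
        {
            var group = GroupPrincipal.FindByIdentity(
                context, IdentityType.DistinguishedName, distinguishedName);
            if (group != null)
                return group;
        }
        return null;
    }

    // Resolves a group for authorization decisions: by name only when exactly one
    // exists, otherwise by a DN the administrator has stored in configuration.
    public static GroupPrincipal ResolveGroup(string groupName, string configuredDn = null)
    {
        if (configuredDn != null)
        {
            return FindGroupByDn(configuredDn)
                ?? throw new InvalidOperationException(
                    $"No group with DN '{configuredDn}' in any configured forest.");
        }

        var candidates = FindGroupsByName(groupName);
        if (candidates.Count == 1)
            return candidates[0];
        if (candidates.Count == 0)
            throw new InvalidOperationException($"No group named '{groupName}' in any forest.");

        // Ambiguous: list the DNs so the operator can pin one in configuration.
        var dns = string.Join(Environment.NewLine,
            candidates.Select(g => "  " + g.DistinguishedName));
        throw new InvalidOperationException(
            $"Group name '{groupName}' is ambiguous; configure one of:{Environment.NewLine}{dns}");
    }

    public static void Main()
    {
        foreach (var g in FindGroupsByName("devs"))
            Console.WriteLine($"{g.Name}\t{g.Sid}\t{g.DistinguishedName}");
    }
}
```

The point of ResolveGroup is that an access-control decision should never depend on whichever "devs" the directory happened to return first: once the name is ambiguous, the application stores and compares the DistinguishedName (or the Sid printed by Main, which is also unique and stable across renames) and uses FindByIdentity with IdentityType.DistinguishedName from then on.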

