1.6 Applicability Statement

The Group Key Distribution Protocol is appropriate for use when it is desirable to associate cryptographic keys with security descriptors in an Active Directory domain. It is only appropriate for a client to use this protocol when it has valid authentication credentials in a domain that contains at least one DC with a DC functional level of DS_BEHAVIOR_WIN2012 or higher, as specified in section 1.5. Also, this protocol is not appropriate when protection against untrusted domain administrators is desired, as specified in section 5.1.