3.1.4 Higher-Layer Triggered Events
The higher-layer triggered events are: policy creation, policy modification, policy deletion, reading the policy, and assigning the policy to a GPO.
The administrator triggers each of these events by using the administrative plug-in.
On the policy creation/modify, the IPsec Protocol plug-in MUST generate the messages to create or modify the IPsec policy in the Active Directory store, as specified in IPsec Policy Creation/Modification (section 2.2.1).
On policy reading, the IPsec Protocol plug-in MUST generate the messages specified in section 3.1.5.4.
On policy deleting, the IPsec Protocol plug in MUST generate the messages specified in section 3.1.5.7.
For assigning policy to a GPO, the IPsec Protocol plug-in MUST generated the messages as specified in section 3.1.5.8.
In all cases, if this fails, the administrator MUST be informed so that they can determine the appropriate action to take.