3.1.3 Initialization

When the IPsec administrative plug-in starts, the Group Policy Protocol component (as specified in [MS-GPOL] (section 1.3.3.1), "Server Discovery and Group Policy Object Association" and [MS-GPOL] (section 1.3.3.2), "GPO Retrieval") gives it an LDAP path (as defined in [RFC2251]) that identifies the GPO path that contains the IPsec policy. The plug-in MUST then use this path to read the current active policy (if any) from the GPO path by using the messages specified in section 3.2.5.3.

The IPsec administrative plug-in MUST then retrieve the details of the IPsec policy objects that are currently available for assignment to the GPO from the IP Security Active Directory container, as specified in section 3.2.5.4. If this fails, administrators MUST be informed so that they can determine the appropriate action to take.