3.3 Example 3: Populating the Administrative Tool with Configuration Data
This example demonstrates the processes that occur when the Administrative tool loads and retrieves the appropriate information from the data stores that contain Group Policy data. The Administrative tool is populated with data that is retrieved from the Group Policy server.
This example maps to the use case specified in Administering Group Policy (section 2.5.3).
Prerequisites
The following prerequisites apply to this example:
Policy information that is stored in the Group Policy data store aligns with business and organizational requirements.
The Group Policy administrator who is running the Administrative tool has read/write access to Active Directory on the Group Policy server and to the Group Policy file share.
The Group Policy server is a read/write domain controller (DC).
The Administrative tool is able to discover and communicate with the Group Policy server, as described in [MS-GPOL] section 3.2.5.1.1.
Note that the Group Policy server (DC) discovery and connection sequence for the Group Policy client and Administrative tool are identical.
The computer hosting the Administrative tool is joined to the domain and the Group Policy administrator is logged on with domain credentials of sufficient rights.
In this scenario, it is assumed that the Group Policy file share resides on the Group Policy server.
Initial System State
The initial state of the Group Policy protocols corresponds to the previously specified prerequisites.
Final System State
The state of the Group Policy protocols and components after execution of this example can be described as follows:
The Administrative tool retrieved all the existing policies on the Group Policy server.
Sequence of events
The following diagram illustrates the message sequence that occurs when the Administrative tool retrieves GPO data from the Group Policy server and policy settings from the Group Policy file share.

Figure 13: Populating the Administrative tool with data
The message sequence for this example is described as follows:
The Administrative tool makes a sequence of LDAP calls to the Group Policy server to retrieve GPO information via the message types described in [MS-GPOL] sections 2.2.2, 2.2.3, 2.2.4, 2.2.5, and 2.2.7.
The GPO information that is returned in response to the LDAP queries is used to populate the tool.
During editing operations, the Administrative tool invokes one or more extension protocols, which communicate with the Group Policy file share via a file access protocol to return existing policy settings.
The returned policy settings information is used to populate the tool.