2.1.3.1.3 Site SOM Search and Response

After the Group Policy client has determined its domain SOM, it then uses a site search message, as described in [MS-GPOL] sections 2.2.3 and 3.2.5.1.4, to determine the site to which the computer belongs. The name of the site to which the Group Policy client computer belongs is maintained by the client site name ADM element, as described in [MS-ADOD] section 3.1.1. Because the site can change based on the Group Policy client's location, the site name ADM element is maintained as part of policy processing.

After the Group Policy client has the site to which it belongs, it makes an LDAP query for the same attributes that a domain SOM search does. These are the gpLink and gpOptions attributes, although the Group Policy client also passes the site name that it has discovered in this LDAP query. The Group Policy server returns the gpLink and gpOptions attribute values that apply to the Group Policy client for processing.

The gpLink attribute that is retrieved from the site container in Active Directory holds LDAP DNs for GPOs that are associated with site-level SOM. Similar to the domain-level SOM, this information enables the policy application process to determine GPO names, the policy file location on the Group Policy file share, and any extensions specified in the GPO Extension lists, all of which apply to site-level SOM. The site DN and the gpLink and gpOptions ADM element values are appended to the end of the SOM list. For more information about the SOM list ADM element, see [MS-GPOL] section 3.2.1.6.

If the site search message specified in [MS-GPOL] section 2.2.3 is invalid in any way, the entire Group Policy: Core Protocol policy application sequence is terminated.