3.3.3 Initialization
When the Group Policy administrative tool starts, it is provided with a Group Policy server name. That name is stored in the Group Policy Server ADM element (section 3.3.1.4).
The administrative tool invokes the task "Initialize an ADConnection", as defined in [MS-ADTS] section 7.6.1.1, with the following parameters:
TaskInputTargetName: Value of Group Policy Server ADM element.
TaskInputPortNumber: 389
Store the new TaskReturnADConnection returned from the task as the Administrative Tool AD Connection Handle ADM element.
If the task returns failure, policy administration MUST be terminated and an error presented to the administrator.
The administrator selects a GPO GUID to edit a GPO or enters a new GPO GUID to create a GPO. This GPO is saved in the Administered GPO ADM element and is the object of all further administrative tool actions. When creating a new GPO, the GPO Creation Message (section 2.2.8.1) MUST be used. When the GPO is being edited, the tool MUST attempt to access that GPO and read the GPO's user and computer Group Policy extension lists to determine the Group Policy extension administrative tool plug-ins that are needed to read or write settings in the GPO. It does this by using a GPO Read Administration (section 2.2.7) message. The administrative tool checks for write access to the GPO by retrieving the allowedAttributesEffective attribute and ensuring that it contains versionNumber.
After this action, the Group Policy administrative tool can invoke the correct Group Policy extension, depending on user input, that directs the tool to show some (or all) of the settings, or to allow those settings to be changed.