3.2.5.1.4 Site Search

This procedure is skipped if Machine Role is equal to DsRole_RoleStandaloneWorkstation or DsRole_RoleStandaloneServer.

The site to which the client computer belongs (the SiteName) is determined by invoking the DsrGetSiteName method (as specified in [MS-NRPC] section 3.5.4.3.6) locally with the following parameters:

  • NULL for ComputerName.

If the method returns ERROR_NO_SITENAME, the remainder of this message MUST be skipped and the protocol sequence MUST continue at GPO Search (section 3.2.5.1.5). The initial site, named "Default-First-Site-Name", is documented in [MS-ADTS] section 6.1.1.2.2.1, which specifies the Site object. If the method returns any other nonzero error code, policy application MUST be terminated. If the method returns zero, then the DN of the configuration container of the domain MUST be searched for as follows:

  1. An LDAP SearchRequest as specified in section 2.2.3 MUST be sent from the client to the Group Policy server, and the SearchResponse received MUST be verified to satisfy the specified requirements. The SearchResponse contains the configurationNamingContext attribute value. From this value and the SiteName value (the out parameter of the previous DsrGetSiteName method call), the site distinguished name (DN) MUST be computed by concatenating the strings "CN=", <the site name>, ",CN=Sites,", and <the DN of the configuration container>. This site DN MUST be used for the remainder of this message to retrieve the attributes of the site object.

  2. Another LDAP SearchRequest, as specified in section 2.2.3, MUST be sent from the client to the Group Policy server to retrieve the gpLink and gpOptions attribute values.

If this message is invalid in any way, as specified in section 2.2.3, the entire Group Policy: Core Protocol policy application sequence MUST be terminated and an event logged using an implementation-specific mechanism, as defined in section 3.2.5.1.

The site DN and Object type (GPLinkSite) MUST be appended to the end of the SOM list.
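
The decision flow above, sketched as an added example (not code from the specification or from any Microsoft implementation). Assumptions: `search` is a hypothetical callable standing in for "send the SearchRequest and validate the response per section 2.2.3", the first search is issued against the rootDSE (empty base DN), machine roles are passed as strings, and the RFC 4514 escaping of the site name is added hardening that the section itself does not require.

```python
from enum import Enum

ERROR_SUCCESS, ERROR_NO_SITENAME = 0, 1919  # Win32 error codes
STANDALONE = {"DsRole_RoleStandaloneWorkstation", "DsRole_RoleStandaloneServer"}

class Step(Enum):
    SKIPPED = "site search not performed"
    GPO_SEARCH = "continue at GPO Search (3.2.5.1.5)"
    TERMINATE = "terminate policy application and log an event"

def escape_rdn_value(value):
    # RFC 4514 escaping so the site name cannot change the DN structure.
    # Added hardening (assumption): the section only says "concatenate".
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;=' or edge:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def site_dn(site_name, config_nc):
    # "CN=" + <site name> + ",CN=Sites," + <DN of the configuration container>
    return "CN=" + escape_rdn_value(site_name) + ",CN=Sites," + config_nc

def site_search(machine_role, rc, site_name, search, som_list):
    """rc and site_name are the result of the local DsrGetSiteName call.
    search(base_dn, attrs) is hypothetical: it returns the attributes as a
    dict, or None when the response is invalid per section 2.2.3."""
    if machine_role in STANDALONE:
        return Step.SKIPPED
    if rc == ERROR_NO_SITENAME:
        return Step.GPO_SEARCH      # no site: skip the rest of this message
    if rc != ERROR_SUCCESS:
        return Step.TERMINATE       # any other nonzero error code
    root = search("", ["configurationNamingContext"])  # assumed rootDSE base
    if not root or not root.get("configurationNamingContext"):
        return Step.TERMINATE
    dn = site_dn(site_name, root["configurationNamingContext"])
    if search(dn, ["gpLink", "gpOptions"]) is None:
        return Step.TERMINATE
    som_list.append((dn, "GPLinkSite"))  # site SOM goes at the end of the list
    return Step.GPO_SEARCH
```

With a well-formed site name the escaping is a no-op, so the result is identical to the plain concatenation the section describes.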