4.6 GPO Creation Message

In this example, a GPO with the DN of "CN={1FE2ABF4-613E-4980-BA93-74F7B206A6C1},CN=Policies,CN=System,DC=test,DC=contoso,DC=com" is created, and the new GPOs GUID is "{1FE2ABF4-613E-4980-BA93-74F7B206A6C1}". This message is defined in section 2.2.8.1.

Parameter

Value

entry

CN={1FE2ABF4-613E-4980-BA93-74F7B206A6C1},CN=Policies,CN=System,DC=test,DC=contoso,DC=com

attributes

 objectClass: groupPolicyContainer

 versionNumber: 0

 Flags: 0

 On successful creation of the GPO, the client issues messages to create the user and machine subcontainers as shown in the following table.

User container: (the attributes field contains one attribute: objectClass).

Parameter

Value

entry

CN=user,CN={1FE2ABF4-613E-4980-BA93-74F7B206A6C1},CN=Policies,CN=System,DC=test,DC=contoso,DC=com

attributes

 objectClass: container

Machine container: (the attributes field contains one attribute: objectClass).

Parameter

Value

entry

CN=machine,CN={1FE2ABF4-613E-4980-BA93-74F7B206A6C1},CN=Policies,CN=System,DC=test,DC=contoso,DC=com

attributes

 objectClass: container

An LDAP SearchRequest is sent to the Group Policy server with the following parameters.

Parameter

Value

baseObject

CN={1FE2ABF4-613E-4980-BA93-74F7B206A6C1},CN=Policies,CN=System,DC=test,DC=contoso,DC=com

scope

0

derefAliases

0

sizeLimit

0

timeLimit

0

typesOnly

0

filter

(objectclass=*)

attributes

nTSecurityDescriptor

This is followed by the creation of GPO on the Group Policy server SYSVOL share. In this example, the name of the Group Policy server machine is GPSvr1.test.contoso.com.

 The following operations are involved:

  • Create Directory request for directory: \\GPSvr1.test.contoso.com \sysvol\test.contoso.com\Policies\{1FE2ABF4-613E-4980-BA93-74F7B206A6C1}

  • Modify the security descriptor on the directory to the value of the ntSecurityDescriptor Active Directory GPO attribute using an implementation-specific method.

  • Create File request for file: \\GPSvr1.test.contoso.com \sysvol\test.contoso.com\Policies\{1FE2ABF4-613E-4980-BA93-74F7B206A6C1}\gpt.ini

  • Write File request to write the contents of file: \\GPSvr1.test.contoso.com \sysvol\test.contoso.com\Policies\{1FE2ABF4-613E-4980-BA93-74F7B206A6C1}\gpt.ini, as defined in section 2.2.4 with the required section, "General"; the key, "Version"; and the value, "0".

  • Close request for the opened file.

  • Create Directory request for directory: \\GPSvr1.test.contoso.com \sysvol\test.contoso.com\Policies\{1FE2ABF4-613E-4980-BA93-74F7B206A6C1}\User

  • Create Directory request for directory: \\GPSvr1.test.contoso.com \sysvol\test.contoso.com\Policies\{1FE2ABF4-613E-4980-BA93-74F7B206A6C1}\Machine