4.6 GPO Creation Message
In this example, a GPO with the DN of "CN={1FE2ABF4-613E-4980-BA93-74F7B206A6C1},CN=Policies,CN=System,DC=test,DC=contoso,DC=com" is created, and the new GPOs GUID is "{1FE2ABF4-613E-4980-BA93-74F7B206A6C1}". This message is defined in section 2.2.8.1.
|
Parameter |
Value |
|---|---|
|
entry |
CN={1FE2ABF4-613E-4980-BA93-74F7B206A6C1},CN=Policies,CN=System,DC=test,DC=contoso,DC=com |
|
attributes |
objectClass: groupPolicyContainer versionNumber: 0 Flags: 0 |
On successful creation of the GPO, the client issues messages to create the user and machine subcontainers as shown in the following table.
User container: (the attributes field contains one attribute: objectClass).
|
Parameter |
Value |
|---|---|
|
entry |
CN=user,CN={1FE2ABF4-613E-4980-BA93-74F7B206A6C1},CN=Policies,CN=System,DC=test,DC=contoso,DC=com |
|
attributes |
objectClass: container |
Machine container: (the attributes field contains one attribute: objectClass).
|
Parameter |
Value |
|---|---|
|
entry |
CN=machine,CN={1FE2ABF4-613E-4980-BA93-74F7B206A6C1},CN=Policies,CN=System,DC=test,DC=contoso,DC=com |
|
attributes |
objectClass: container |
An LDAP SearchRequest is sent to the Group Policy server with the following parameters.
|
Parameter |
Value |
|---|---|
|
baseObject |
CN={1FE2ABF4-613E-4980-BA93-74F7B206A6C1},CN=Policies,CN=System,DC=test,DC=contoso,DC=com |
|
scope |
0 |
|
derefAliases |
0 |
|
sizeLimit |
0 |
|
timeLimit |
0 |
|
typesOnly |
0 |
|
filter |
(objectclass=*) |
|
attributes |
nTSecurityDescriptor |
This is followed by the creation of GPO on the Group Policy server SYSVOL share. In this example, the name of the Group Policy server machine is GPSvr1.test.contoso.com.
The following operations are involved:
Create Directory request for directory: \\GPSvr1.test.contoso.com \sysvol\test.contoso.com\Policies\{1FE2ABF4-613E-4980-BA93-74F7B206A6C1}
Modify the security descriptor on the directory to the value of the ntSecurityDescriptor Active Directory GPO attribute using an implementation-specific method.
Create File request for file: \\GPSvr1.test.contoso.com \sysvol\test.contoso.com\Policies\{1FE2ABF4-613E-4980-BA93-74F7B206A6C1}\gpt.ini
Write File request to write the contents of file: \\GPSvr1.test.contoso.com \sysvol\test.contoso.com\Policies\{1FE2ABF4-613E-4980-BA93-74F7B206A6C1}\gpt.ini, as defined in section 2.2.4 with the required section, "General"; the key, "Version"; and the value, "0".
Close request for the opened file.
Create Directory request for directory: \\GPSvr1.test.contoso.com \sysvol\test.contoso.com\Policies\{1FE2ABF4-613E-4980-BA93-74F7B206A6C1}\User
Create Directory request for directory: \\GPSvr1.test.contoso.com \sysvol\test.contoso.com\Policies\{1FE2ABF4-613E-4980-BA93-74F7B206A6C1}\Machine