3.1.5.3 Modifying a Wireless or Wired Policy Object on Active Directory

When the administrative-side plug-in attempts to modify an existing wireless or wired policy object for a GPO, the following protocol sequence MUST be generated:

  1. Identify an existing wireless or wired policy from the Active Directory that is to be modified. This can be done using the steps mentioned in section 3.1.5.1.

  2. For this policy, identify the following values.

    Parameter: policyName
    Value: Name of the policy object.

    Parameter: policyIdentifier
    Value:
      For BLOB-based wireless policy: msieee80211-ID.
      For XML-based wireless policy: ms-net-ieee-80211-GP-PolicyGUID: A unique identifier to identify the policy object.
      For wired Group Policy: ms-net-ieee-8023-GP-PolicyGUID: A unique identifier to identify the policy object.

  3. The administrative-side plug-in MUST modify the existing object in the Active Directory that contains the wireless or wired policy settings. It MUST send an LDAP modifyRequest, as specified in [RFC2251], with the following parameters.

    Parameter: Entry
    Value:
      For BLOB-based wireless policy:
      • It MUST be CN=policyName, CN=Wireless, CN=Windows, CN=Microsoft, Scoped GPO DN.

      For XML-based wireless policy:
      • It MUST be CN=policyName, CN=IEEE80211, CN=Windows, CN=Microsoft, Scoped GPO DN.

      For wired policy:
      • It MUST be CN=policyName, CN=IEEE8023, CN=Windows, CN=Microsoft, Scoped GPO DN.

      Where policyName is the name of the policy identified in step 2.

    Parameter: attributes
    Value:
      This field MUST specify the following attributes:

      For BLOB-based wireless policy:
      • msieee80211-ID MUST be set to the same value as the one identified in step 2 for policyIdentifier.
      • msieee80211-Data MUST be a data BLOB containing the modified policy settings formatted according to a well-defined format that describes the different settings in the policy. For more information about interpreting this data, see section 3.1.5.1.
      • description MUST be a user-defined description for the policy.
      • whenChanged MUST be a time stamp of the policy modification time by the administrative-side plug-in.

      For XML-based wireless policy:
      • ms-net-ieee-80211-GP-PolicyGUID MUST be set to the same value as the one identified in step 2 for policyIdentifier.
      • ms-net-ieee-80211-GP-PolicyData MUST be an XML string containing modified policy settings according to a well-defined schema. For more information, see section 2.2.
      • description is a description for the policy.
      • whenChanged MUST be a time stamp of the policy modification time by the administrative-side plug-in.

      For wired Group Policy:
      • ms-net-ieee-8023-GP-PolicyGUID MUST be set to the same value as the one identified in step 2 for policyIdentifier.
      • ms-net-ieee-8023-GP-PolicyData MUST be an XML string containing modified policy settings according to a well-defined schema. For more information, see section 2.2.
      • description: A description for the policy.
      • whenChanged MUST be a time stamp of the policy modification time by the administrative-side plug-in.

    This message modifies the existing Active Directory object of the corresponding policy.

    If the resultCode field of the modifyResponse message is nonzero, the modify operation failed. In this case, this protocol sequence MUST proceed to step 5 (LDAP UnbindRequest).

  4. The administrative tool MUST invoke the Group Policy Extension Update task defined in [MS-GPOL] section 3.3.4.4.

  5. An LDAP UnbindRequest is made by the plug-in that corresponds to the previous LDAP BindRequest to close the connection, unless the plug-in will reuse the ADConnection Handle (section 3.1.1.1) for future requests.
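
The following sketch is an added example, not part of the specification or of any Microsoft implementation. It assembles the Entry DN and attribute set of the step 3 modifyRequest for each of the three policy kinds and applies the step 3 failure rule. The function names, the "replace" operation, the GeneralizedTime format for whenChanged, and the RFC 4514 escaping of policyName are assumptions of the example.

```python
from datetime import datetime, timezone

# Container RDN, identifier attribute and data attribute per policy kind (step 3).
KINDS = {
    "wireless-blob": ("Wireless", "msieee80211-ID", "msieee80211-Data"),
    "wireless-xml": ("IEEE80211", "ms-net-ieee-80211-GP-PolicyGUID",
                     "ms-net-ieee-80211-GP-PolicyData"),
    "wired": ("IEEE8023", "ms-net-ieee-8023-GP-PolicyGUID",
              "ms-net-ieee-8023-GP-PolicyData"),
}

def escape_rdn_value(value):
    """Escape a string for use as an RDN value (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_modify_request(kind, policy_name, policy_id, data, description,
                         scoped_gpo_dn, now=None):
    """Return the Entry DN and attribute values for the step 3 modifyRequest."""
    container, id_attr, data_attr = KINDS[kind]
    now = now or datetime.now(timezone.utc)
    # A policy name containing ',' or '+' must not be able to alter the DN path.
    entry = ",".join([
        "CN=" + escape_rdn_value(policy_name),
        "CN=" + container, "CN=Windows", "CN=Microsoft", scoped_gpo_dn,
    ])
    changes = {
        id_attr: policy_id,          # unchanged value identified in step 2
        data_attr: data,             # BLOB or XML string with the new settings
        "description": description,
        # Assumption: GeneralizedTime string for the modification time stamp.
        "whenChanged": now.strftime("%Y%m%d%H%M%S.0Z"),
    }
    # Assumption: each attribute is sent as a "replace" modification.
    return {"entry": entry, "operation": "replace", "changes": changes}

def next_step(result_code):
    """Zero resultCode continues to step 4; nonzero goes straight to step 5."""
    return 4 if result_code == 0 else 5
```

The returned dictionary maps directly onto the object, operation and modification fields of an LDAP modifyRequest in whichever client library is in use.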