2.1 Transport

The Wireless/Wired Group Policy Protocol uses the LDAP protocol [RFC2251] to read and write data to the remote Active Directory data store. The client-side and administrative-side plug-ins MUST use the LDAP bind mechanism in Active Directory to perform authentication (as specified in [MS-ADTS] section 5.1.1) and SHOULD use the LDAP message security layer to provide message integrity and confidentiality protection services that are negotiated as part of the authentication (as specified in [MS-ADTS] section 5.1.2.1).
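
The following is an added example, not part of the specification or of any Microsoft plug-in: one way for an LDAP client to perform an authenticated bind and request integrity and confidentiality on the session negotiated during that bind, using the .NET `System.DirectoryServices.Protocols` classes. The server name `dc01.example.test` is a placeholder, and the bind is assumed to use the credentials of the logged-on user.

```powershell
# Added example (not from the specification). Binds to a domain controller
# with Negotiate authentication and requests signing and sealing before
# any directory data is read.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$server = 'dc01.example.test'   # placeholder: replace with a real DC name

$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($server, 389)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)

# Authentication: LDAP bind using Negotiate (Kerberos, falling back to NTLM).
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.SessionOptions.ProtocolVersion = 3

# Message security: must be set before Bind() so that integrity (signing)
# and confidentiality (sealing) are negotiated as part of authentication.
$conn.SessionOptions.Signing = $true
$conn.SessionOptions.Sealing = $true

try {
    # No credential argument: bind as the current logged-on user (assumption).
    $conn.Bind()

    # Read one rootDSE attribute over the protected session as a smoke test.
    $req = New-Object System.DirectoryServices.Protocols.SearchRequest
    $req.DistinguishedName = ''
    $req.Filter = '(objectClass=*)'
    $req.Scope  = [System.DirectoryServices.Protocols.SearchScope]::Base
    [void]$req.Attributes.Add('defaultNamingContext')

    $resp = $conn.SendRequest($req)
    $nc   = $resp.Entries[0].Attributes['defaultNamingContext'][0]
    Write-Output "Bind succeeded with signing and sealing requested; naming context: $nc"
}
catch [System.DirectoryServices.Protocols.LdapException] {
    # Fail closed: do not retry with Signing/Sealing switched off.
    Write-Error "LDAP bind or search failed: $($_.Exception.Message)"
}
finally {
    $conn.Dispose()
}
```

Because message security is a SHOULD rather than a MUST in this section, a client that retries without signing and sealing after a failure would still conform; the example refuses to do so, so that policy data is never read or written over an unprotected session.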