3.2.5.3 Retrieving XML-Based Wired Group Policy for a GPO

The wired Group Policy plug-in gets a scoped GPO path (GPO DN) from the Group Policy client (as specified in section 3.2.4). The plug-in MUST issue an LDAP SearchRequest with the following parameters:

  • baseObject:  CN=IEEE8023, CN=Windows, CN=Microsoft, {Scoped GPO DN without LDAP:// prefix}

  • scope:  2

  • attributes:  ms-net-ieee-8023-GP-PolicyData

  • filter:  objectClass= ms-net-ieee-8023-GroupPolicy

For the specification of ms-net-ieee-8023-GP-PolicyData, see section 6.16, and as specified in [MS-ADSC]. If the specified filter returns multiple policy objects, the first LDAPMessage buffer is used to read the policy data. If the policy contains multiple Unicode strings, the first string is used.