2.2.3 Site Search
This message allows the Group Policy client to query the Group Policy server for the SOMs associated with the site of the client computer's account. A site is also considered a SOM for the purposes of the Group Policy: Core Protocol.
An LDAP SearchRequest MUST be sent to the Group Policy server with the following parameters:
Parameter | Value |
---|---|
baseObject | Zero-length string (meaning rootDSE DN as defined in [MS-ADTS] section 1.1). |
Scope | MUST be set to 0. Search the base entry only. Exclude entries below the base. |
derefAliases | MUST be set to 0 (neverDerefAliases). |
sizeLimit | MUST be set to 1 (the Scope parameter limits search to the base entry only and therefore, at most one entry can be returned). |
timeLimit | MAY<3> be 0 (infinite), but SHOULD be 240 (seconds). |
typesOnly | MUST be set to 0 (FALSE). |
Filter | The following LDAP filter (using the representation as specified in [RFC2254]) MUST be used: (objectClass=*) |
attributes | configurationNamingContext, nTSecurityDescriptor |
As specified in [RFC2251], the client receives a reply to the LDAP SearchRequest from the Group Policy server in the form of one LDAP searchResponse message. That message contains searchResultEntries whose attributes field holds the values of nTSecurityDescriptor, as specified in [MS-DTYP] section 2.4.6, and configurationNamingContext, from the rootDSE DN as defined in [MS-ADTS] section 1.1. The configurationNamingContext value is of type distinguishedName. From this value and the SiteName value, the site distinguished name (DN) can be computed. This computation is specified in section 3.2.5.1.4.
Another SearchRequest is made with the following parameters:
Parameter | Value |
---|---|
baseObject | Site DN, as specified in section 3.2.5.1.4. |
Scope | MUST be the base object (0). |
derefAliases | MUST be set to 0 (neverDerefAliases). |
sizeLimit | No limit is set (this MUST be set to 0). |
timeLimit | MAY<4> be 0 (infinite), but SHOULD be 240 (seconds). |
typesOnly | MUST be set to 0 (FALSE). |
Filter | The following LDAP filter (using the representation as specified in [RFC2254]) MUST be used: (objectClass=*) |
Attributes | gpLink and gpOptions attributes. |
The searchResponse received MUST meet the same requirements as those specified in the Domain Scope of Management Search (section 2.2.2).
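The following added example, which is not part of the specification, shows how the two SearchRequests in the tables above look on the wire when BER-encoded per [RFC2251]. The function names, message IDs and sample DN are assumptions, and `site_dn` assumes the standard Active Directory layout `CN=<SiteName>,CN=Sites,<configurationNamingContext>` because section 3.2.5.1.4 is not reproduced here.

```python
# Added example: BER encoding (RFC 2251) of the two Site Search requests.
# Function names, message IDs and the sample DN are illustrative assumptions.

def tlv(tag: int, content: bytes) -> bytes:
    """One BER element with a definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def ber_int(tag: int, value: int) -> bytes:
    """INTEGER (0x02) or ENUMERATED (0x0A), non-negative values only."""
    return tlv(tag, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def search_request(msg_id, base, size_limit, attrs, time_limit=240):
    """LDAPMessage carrying a SearchRequest with the fixed values of 2.2.3."""
    body = (
        tlv(0x04, base.encode("utf-8"))   # baseObject
        + ber_int(0x0A, 0)                # scope: base entry only
        + ber_int(0x0A, 0)                # derefAliases: neverDerefAliases
        + ber_int(0x02, size_limit)       # sizeLimit
        + ber_int(0x02, time_limit)       # timeLimit: SHOULD be 240 seconds
        + tlv(0x01, b"\x00")              # typesOnly: FALSE
        + tlv(0x87, b"objectClass")       # filter (objectClass=*): present [7]
        + tlv(0x30, b"".join(tlv(0x04, a.encode()) for a in attrs))
    )
    return tlv(0x30, ber_int(0x02, msg_id) + tlv(0x63, body))  # [APPLICATION 3]

def site_dn(site_name: str, config_nc: str) -> str:
    # Assumption: standard Active Directory layout; the normative rule is in
    # section 3.2.5.1.4, which this section does not reproduce.
    return f"CN={site_name},CN=Sites,{config_nc}"

def site_search_requests(site_name: str, config_nc: str):
    """Both requests; config_nc is the value returned by the first one."""
    rootdse = search_request(
        1, "", 1, ["configurationNamingContext", "nTSecurityDescriptor"])
    site = search_request(2, site_dn(site_name, config_nc), 0,
                          ["gpLink", "gpOptions"])
    return rootdse, site

if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    for m in site_search_requests("Default-First-Site-Name",
                                  "CN=Configuration,DC=example,DC=test"):
        print(len(m), m.hex())
```

Comparing these bytes with the decoded fields of a captured request is a quick way to confirm that observed traffic carries the fixed values the tables require.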