2.2.8.1.5 GPO AddRequest
The creation of the Active Directory portion of the new GPO MUST be accomplished through an LDAP addRequest message with the following parameters:
|
Parameter |
Value |
|---|---|
|
entry |
A GPO DN that is unique for the GPO in the domain. An administrative tool MUST generate the GUID portion of the GPO DN by using the GUID-generation algorithm, as specified in [C706] Appendix A Universal Unique Identifier, to ensure that the DN is unique in the domain. |
|
attributes |
MUST contain two attributes: objectClass and cn. |
The LDAP addRequest message attributes parameter has the following format:
|
Attribute name |
Value |
Meaning |
|---|---|---|
|
objectClass |
MUST be the directory string value "groupPolicyContainer". |
Name of the Active Directory object class type to create through this message. |
|
cn |
MUST be a curly braced GUID string in directory string format. |
Name of the Active Directory GPO container. |
Similar addRequest messages MUST be made to create subcontainers of the groupPolicyContainer object. The addRequest messages MUST have the following parameters and attributes.