3.2.5.1.3 Domain SOM Search

This procedure uses the domain controller name and the policy target DN that were retrieved in sections 3.2.5.1.1 and 3.2.5.1.2 for the Domain Scope of Management search. The policy target DN retrieved MUST be parsed to form the prioritized list of SOMs. The prioritized SOM list MUST store the SOM Object type (GPLinkOrganizationalUnit or GPLinkDomain) and the DN, and is populated as follows:

  1. The DN MUST be parsed to compute the parent DN.

  2. The parent DN that is computed MUST be appended to the end of the SOM list.

  3. If there is a parent DN, and if it does not start with "DC=", steps 1 and 2 MUST be repeated with the parent DN computed until the DN starts with "DC=".

  4. Any computed parent DN that does not start with "OU=" or "DC=" MUST NOT be added to the SOM list.
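The list-building steps above, as an added Python example that is not part of the specification. The function names `parent_dn` and `build_som_list` are hypothetical, the sample DNs are constructed, and two behaviours are assumptions: prefixes are compared case-insensitively, and a backslash-escaped comma inside an RDN value (RFC 4514) is not treated as a separator.

```python
from typing import List, Optional, Tuple

# SOM object types named in this section.
GPLINK_OU = "GPLinkOrganizationalUnit"
GPLINK_DOMAIN = "GPLinkDomain"


def parent_dn(dn: str) -> Optional[str]:
    """Step 1: drop the leftmost RDN; return None when there is no parent."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":   # backslash escapes the next character (assumption: RFC 4514)
            i += 2
            continue
        if dn[i] == ",":    # first unescaped comma ends the leftmost RDN
            return dn[i + 1:] or None
        i += 1
    return None


def build_som_list(target_dn: str) -> List[Tuple[str, str]]:
    """Return the prioritized SOM list as (SOM object type, DN) pairs."""
    soms: List[Tuple[str, str]] = []
    dn = parent_dn(target_dn)
    while dn is not None:
        prefix = dn[:3].upper()          # assumption: case-insensitive prefix match
        if prefix == "OU=":
            soms.append((GPLINK_OU, dn))      # step 2: append to the end
        elif prefix == "DC=":
            soms.append((GPLINK_DOMAIN, dn))  # step 3: stop at the first "DC=" parent
            break
        # Step 4: anything else (for example a "CN=" container) is not added.
        dn = parent_dn(dn)
    return soms


if __name__ == "__main__":
    # Constructed policy target DNs, not taken from any real directory.
    samples = [
        "CN=WS01,OU=Workstations,OU=Corp,DC=example,DC=com",
        "CN=WS02,CN=Computers,DC=example,DC=com",
        r"CN=Doe\, Jane,OU=Sales\, EMEA,DC=example,DC=com",
    ]
    for target in samples:
        print(target)
        for som_type, som_dn in build_som_list(target):
            print(f"  {som_type}: {som_dn}")
```

A parser that splits on every comma would cut the third sample's OU in the middle of its name and compute a different SOM list, so the escaped-comma case is worth testing in any implementation that decides which gpLink attributes are read.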

All of the SOMs in the domain that are discovered MUST be searched to retrieve the gpLink and gpOptions attributes as follows:

  1. Disable LDAP_OPT_REFERRALS by setting an LDAP option on an ADConnection, passing the abstract element Group Policy Client AD Connection Handle (section 3.2.1.23).

  2. An LDAP SearchRequest as specified in section 2.2.2 MUST be sent from the client to the Group Policy server, and the SearchResponse received MUST be verified to satisfy the specified requirements. The SearchResponse contains the gpLink and gpOptions attribute values for all of the SOMs.

If there are no SOMs to search for, the protocol sequence continues at section 3.2.5.1.4 Site Search. If Domain SOM Search fails, the entire protocol sequence MUST be terminated and an event logged using an implementation-specific mechanism, as defined in section 3.2.5.1.