2.2.8.1.8 GPO Security Descriptor SearchRequest
An LDAP SearchRequest MUST be sent to the Group Policy server with the following parameters:
|
Parameter |
Value |
|---|---|
|
baseObject |
CN=<GPO DN> |
|
scope |
MUST be the base object (0). |
|
derefAliases |
MUST be set to 0 (neverDerefAliases). |
|
sizeLimit |
No limit is set (this MUST be set to 0). |
|
timeLimit |
MUST be set to 0 (infinite). |
|
typesOnly |
MUST be set to 0 (FALSE). |
|
filter |
The following LDAP filter (using the representation as specified in [RFC2254]) MUST be used: (objectclass=*) |
|
attributes |
nTSecurityDescriptor: A security descriptor whose format is specified in [MS-DTYP] section 2.4.6. |