There are many security risks with running Active Directory. In 2022, one of these is still running your Active Directory with unsigned/simple LDAP binds.
If you don’t already have a PKI environment set up, you should work to set one up so you can get certificates on your Domain Controllers that are trusted by your business’s devices, allowing unsigned/simple binds to be retired.
A script I’ve found very helpful for monitoring the Domain Controller firewall logs for these events is located here:
Here is the Microsoft Article on enabling LDAP signing:
Here is the Microsoft Article from 2020 regarding the changes they planned to make to turn off unsigned/simple LDAP binds.
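As an added example (my own, not the monitoring script linked above or Microsoft's tooling), the following PowerShell reports a Domain Controller's current LDAPServerIntegrity setting, raises the NTDS diagnostic level so per-client Event ID 2889 entries are written, and summarises recent 2889 events by client address and account, so you know which devices still bind unsigned before you require signing. It assumes an elevated session on the DC itself; $DaysBack is a constructed parameter.

```powershell
# Added example: inventory unsigned/simple LDAP binds on a Domain Controller
# and show the current server-side signing requirement. Run elevated on the DC.
param([int]$DaysBack = 7)   # constructed parameter: how far back to search

$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS'

# 1. Current requirement: 1 (or absent) = signing not required, 2 = signing required.
$integrity = (Get-ItemProperty "$ntds\Parameters" -Name LDAPServerIntegrity `
              -ErrorAction SilentlyContinue).LDAPServerIntegrity
if ($null -eq $integrity) { $integrity = 1 }   # absent value behaves as 'not required'
$state = if ($integrity -eq 2) { 'signing required' } else { 'unsigned/simple binds still accepted' }
Write-Host "LDAPServerIntegrity = $integrity ($state)"

# 2. Per-client Event ID 2889 is only logged when '16 LDAP Interface Events' is >= 2.
$diagName = '16 LDAP Interface Events'
$diag = (Get-ItemProperty "$ntds\Diagnostics" -Name $diagName).$diagName
if ($diag -lt 2) {
    Set-ItemProperty "$ntds\Diagnostics" -Name $diagName -Value 2
    Write-Host "Raised '$diagName' from $diag to 2; 2889 events will now be written."
}

# 3. Summarise 2889 events (one per unsigned SASL or cleartext simple bind).
#    Event 2887 is only the 24-hourly count; 2889 carries the client details.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Directory Service'
    Id        = 2889
    StartTime = (Get-Date).AddDays(-$DaysBack)
} -ErrorAction SilentlyContinue

$events |
    ForEach-Object {
        # 2889 insertion strings: [0] client IP:port, [1] identity, [2] binding type
        [pscustomobject]@{
            Client   = $_.Properties[0].Value -replace ':\d+$', ''   # strip port, IPv6-safe
            Identity = $_.Properties[1].Value
            BindType = $_.Properties[2].Value   # 0 = unsigned SASL, 1 = simple bind in cleartext
            Time     = $_.TimeCreated
        }
    } |
    Group-Object -Property Client, Identity, BindType |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{n='Client';   e={ $_.Group[0].Client }},
        @{n='Identity'; e={ $_.Group[0].Identity }},
        @{n='BindType'; e={ $_.Group[0].BindType }},
        @{n='LastSeen'; e={ ($_.Group | Measure-Object Time -Maximum).Maximum }} |
    Format-Table -AutoSize
```

Leave the diagnostic level at 2 for at least a full business cycle before setting LDAPServerIntegrity to 2, since monthly or quarterly jobs that bind unsigned will otherwise be missed.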
You can enable LDAP over SSL with a third-party certification authority if you don’t have your own PKI.
I’ll have another blog forthcoming regarding setting up an in-house PKI securely.