Monitor for Simple/Unsigned LDAP Binds in Active Directory

There are many security risks that come with running Active Directory. In 2022, one of them is still allowing unsigned and simple LDAP binds. A simple bind over cleartext LDAP (TCP 389) sends the account's password across the network in the clear, and a SASL bind that does not request signing can be relayed or tampered with by anyone on the network path (NTLM relay to LDAP is the classic case).

If you don't already have a PKI environment set up, you should work to set one up so you can get certificates on your Domain Controllers that are trusted by your business's devices. Once LDAPS is available, the applications that only know how to do a simple bind can be moved to it, and unsigned/simple binds over plain LDAP can be retired. LDAP signing itself (SASL with integrity) does not need a certificate; the PKI is what rescues the simple-bind-only clients.

A script I've found very helpful for monitoring the Domain Controllers for these events is located here. The binds show up in the Directory Service event log on each DC: event ID 2887 is a 24-hour summary with counts, and event ID 2889 names each offending client and account once the "16 LDAP Interface Events" diagnostic value is raised to 2:
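As an added example (not the script linked above, and not Microsoft's code), here is a PowerShell parser for the 2889 events. The three sample messages are constructed in the 2889 message format so the parser can be exercised offline; `Get-UnsignedLdapBind` runs the same parser over real events pulled with `Get-WinEvent` from one or more DCs. The DC names `DC01`/`DC02`, the `CONTOSO` accounts and the IP addresses are illustrative.

```powershell
# Added example, not the script the post links to. Parses Directory Service event 2889,
# which a Domain Controller logs once per offending client when the diagnostic value
# "16 LDAP Interface Events" is set to 2. Binding Type 0 = simple bind over cleartext
# LDAP, 1 = SASL (Negotiate/Kerberos/NTLM/Digest) bind that did not request signing.

function ConvertFrom-LdapBindEvent {
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$Message,
        [datetime]$TimeCreated = (Get-Date),
        [string]$DomainController = $env:COMPUTERNAME
    )
    process {
        $addr = [regex]::Match($Message, 'Client IP address:\s*(?<v>\S+)').Groups['v'].Value
        $id   = [regex]::Match($Message, 'Identity the client attempted to authenticate as:\s*(?<v>[^\r\n]+)').Groups['v'].Value
        $type = [regex]::Match($Message, 'Binding Type:\s*(?<v>\d+)').Groups['v'].Value
        if (-not $addr) { return }   # not a 2889-shaped message, skip it

        $bindType = switch ($type) {
            '0'     { 'Simple bind over cleartext LDAP' }
            '1'     { 'SASL bind without signing' }
            default { "Unknown ($type)" }
        }
        [pscustomobject]@{
            TimeCreated      = $TimeCreated
            DomainController = $DomainController
            ClientIP         = $addr -replace ':\d+$', ''   # the event appends the client's source port
            Identity         = $id.Trim()
            BindType         = $bindType
        }
    }
}

function Get-UnsignedLdapBind {
    # Pull the last $Hours of 2889 events from one or more DCs. Needs read access to the
    # Directory Service log on those DCs (Event Log Readers or a domain admin).
    param([string[]]$DomainController = $env:COMPUTERNAME, [int]$Hours = 24)
    foreach ($dc in $DomainController) {
        Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue -FilterHashtable @{
            LogName   = 'Directory Service'
            Id        = 2889
            StartTime = (Get-Date).AddHours(-$Hours)
        } | ForEach-Object {
            ConvertFrom-LdapBindEvent -Message $_.Message -TimeCreated $_.TimeCreated -DomainController $dc
        }
    }
}

# Constructed sample messages in the 2889 format (hypothetical clients and accounts),
# so the parser and the summary below run without a Domain Controller.
$header = 'The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection.'
$sampleMessages = @(
    "$header`r`n`r`nClient IP address:`r`n10.20.30.40:51234`r`nIdentity the client attempted to authenticate as:`r`nCONTOSO\svc-legacyapp`r`nBinding Type:`r`n0",
    "$header`r`n`r`nClient IP address:`r`n10.20.30.41:49812`r`nIdentity the client attempted to authenticate as:`r`nCONTOSO\jdoe`r`nBinding Type:`r`n1",
    "$header`r`n`r`nClient IP address:`r`n10.20.30.40:51300`r`nIdentity the client attempted to authenticate as:`r`nCONTOSO\svc-legacyapp`r`nBinding Type:`r`n0"
)

$binds = $sampleMessages | ConvertFrom-LdapBindEvent -DomainController 'DC01'
# Against real DCs:  $binds = Get-UnsignedLdapBind -DomainController 'DC01','DC02' -Hours 24

# Summarise who is still binding insecurely, from where, and how. This is the list to
# work through (fix the client, move it to LDAPS, or enable client signing) before
# the DCs are switched to "Require signing".
$binds | Group-Object ClientIP, Identity, BindType |
    Select-Object Count,
                  @{n = 'ClientIP'; e = { $_.Group[0].ClientIP }},
                  @{n = 'Identity'; e = { $_.Group[0].Identity }},
                  @{n = 'BindType'; e = { $_.Group[0].BindType }} |
    Sort-Object Count -Descending | Format-Table -AutoSize
```

With the constructed samples the summary lists `svc-legacyapp` from 10.20.30.40 twice with a cleartext simple bind and `jdoe` once with an unsigned SASL bind. The 2889 events only appear after the diagnostic level is raised, so turn that on first and let it run for at least a full business cycle before trusting an empty list.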

Here is the Microsoft article on enabling LDAP signing (the server-side setting is "Domain controller: LDAP server signing requirements" in Group Policy, with "Network security: LDAP client signing requirements" as the client-side counterpart):

Here is the Microsoft article from 2020 regarding the changes Microsoft was planning to make to turn off unsigned LDAP binds by default, by requiring LDAP signing and LDAP channel binding on Domain Controllers. Microsoft ultimately left the defaults alone, so the hardening remains an opt-in setting that you have to roll out yourself.
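Tying the two Microsoft articles together, here is an added PowerShell example (not from the post or from Microsoft's documentation) of the audit-then-enforce rollout on a single Domain Controller. It reads and writes the registry values behind the Group Policy settings directly, which is fine for a lab DC; in production set the same values through the "Domain controller: LDAP server signing requirements" policy so every DC gets them. The function names and the `-Mode` parameter are this example's own.

```powershell
# Added example, not the post's or Microsoft's code. Audit first, enforce second.
# Registry values behind the Group Policy settings on a Domain Controller:
#   NTDS\Parameters\LDAPServerIntegrity        1 = None (default), 2 = Require signing
#   NTDS\Parameters\LdapEnforceChannelBinding  0 = Never, 1 = When supported, 2 = Always
#   NTDS\Diagnostics\"16 LDAP Interface Events" 2 = log per-client 2889 events
$NtdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$NtdsDiag   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

function Get-LdapSigningState {
    # Current posture of the local DC; a missing value means the default applies.
    [pscustomobject]@{
        LDAPServerIntegrity       = (Get-ItemProperty -Path $NtdsParams -Name LDAPServerIntegrity -ErrorAction SilentlyContinue).LDAPServerIntegrity
        LdapEnforceChannelBinding = (Get-ItemProperty -Path $NtdsParams -Name LdapEnforceChannelBinding -ErrorAction SilentlyContinue).LdapEnforceChannelBinding
        LdapInterfaceEvents       = (Get-ItemProperty -Path $NtdsDiag -Name '16 LDAP Interface Events' -ErrorAction SilentlyContinue).'16 LDAP Interface Events'
    }
}

function Set-LdapSigningRequirement {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][ValidateSet('Audit', 'Require')][string]$Mode)

    # Audit: leave signing optional but make the DC name every offending client (event 2889).
    if ($PSCmdlet.ShouldProcess($NtdsDiag, "Set '16 LDAP Interface Events' = 2")) {
        Set-ItemProperty -Path $NtdsDiag -Name '16 LDAP Interface Events' -Value 2 -Type DWord
    }

    if ($Mode -eq 'Require') {
        # Gate on the most recent 2887 summary: enforcing while it still counts cleartext
        # simple binds or unsigned SASL binds will break exactly those clients.
        $last2887 = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2887 } -MaxEvents 1 -ErrorAction SilentlyContinue
        if (-not $last2887) {
            Write-Warning 'No 2887 summary found yet; audit for at least 24 hours before enforcing.'
        }
        elseif ($last2887.Message -notmatch 'Number of simple binds performed without SSL/TLS:\s+0\b' -or
                $last2887.Message -notmatch 'Number of Negotiate/Kerberos/NTLM/Digest binds performed without signing:\s+0\b') {
            Write-Warning 'Last 2887 summary still reports insecure binds; review the 2889 events before enforcing.'
        }
        if ($PSCmdlet.ShouldProcess($NtdsParams, 'Set LDAPServerIntegrity = 2 (Require signing)')) {
            Set-ItemProperty -Path $NtdsParams -Name LDAPServerIntegrity -Value 2 -Type DWord
        }
    }
    Get-LdapSigningState
}

# Typical rollout on a DC, run elevated:
#   Set-LdapSigningRequirement -Mode Audit              # today
#   Set-LdapSigningRequirement -Mode Require -WhatIf    # after the 2889 list is empty: preview
#   Set-LdapSigningRequirement -Mode Require            # then enforce
Get-LdapSigningState
```

"Require signing" rejects simple binds that arrive over plain LDAP and SASL binds that did not negotiate signing; simple binds that arrive inside an LDAPS/TLS session are still accepted, which is why the PKI work above is what keeps legacy simple-bind applications running after enforcement. Channel binding (`LdapEnforceChannelBinding`) is the companion setting from the same 2020 article and follows the same audit-then-enforce pattern.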

You can enable LDAP over SSL (LDAPS, TCP 636) with a certificate from a third-party certification authority if you don't have your own PKI. The certificate is installed in the Domain Controller's computer certificate store, must include the DC's FQDN, and has to chain to a root your clients already trust.

I’ll have another blog forthcoming regarding setting up an in-house PKI securely.