Overview#
Event 2886 (DIRLOG_ENCOURAGE_LDAP_SIGNING) is an Windows Security Log Event within the Microsoft Windows Logging system to encourage LDAPServerIntegrityEvent 2886 indicates:
- This Domain Controller is NOT currently configured to request LDAPServerIntegrity for Bind Request.
- The number of Bind Request this Domain Controller received from DUA within the past 24 hours without LDAPServerIntegrity
Setting for the "LDAP Interface Events" event logging category to level 2 or higher allows viewing:
- Number of simple binds performed without SSL/TLS: "Value"
- Number of Negotiate/Kerberos/NTLM/Digest binds performed without signing: "Value"
More Information#
There might be more information for this subject on one of the following:- [#1] - Event ID 2886 — LDAP signing
- based on information obtained 2020-01-18
- [#2] - LDAP signing - based on information obtained 2020-01-18
- [#3] - Identifying Clear Text LDAP binds to your DC's - based on information obtained 2020-01-18
