Overview#Event 2887 (DIRLOG_WOULD_REJECT_UNSIGNED_CLIENTS) is an Windows Security Log Event within the Microsoft Windows Logging system to assist in LDAPServerIntegrity
Event 2887 indicates:
- This Domain Controller is configured to accept binds using LDAPServerIntegrity but NOT currently configured to reject LDAPServerIntegrity for Bind Request
- The number of Bind Request this Domain Controller received from DUA within the past 24 hours without using LDAPServerIntegrity
Setting for the "LDAP Interface Events" event logging category to level 2 or higher allows viewing:
- Number of simple binds performed without SSL/TLS: "Value"
- Number of Negotiate/Kerberos/NTLM/Digest binds performed without signing: "Value"
More Information#There might be more information for this subject on one of the following:
- [#1] - Event ID 2887 — LDAP signing - based on information obtained 2020-01-18
- [#2] - LDAP signing - based on information obtained 2020-01-18
- [#3] - Identifying Clear Text LDAP binds to your DC's - based on information obtained 2020-01-18
- [#4] - Query-InsecureLDAPBinds.ps1 - based on information obtained 2020-01-18