!!! Overview [{$pagename}] (DIRLOG_UNSIGNED_CLIENT_DETAILS) is an [Windows Security Log Event] within the [Microsoft Windows] [Logging] indicating the [DUA] ([clients]) which performed an insecure [Bind Request] without [LDAPServerIntegrity] [{$pagename}] reports the [Client]'s [IP Address] of [Bind Requests] without [LDAPServerIntegrity] of the [LDAP Message] From what [{$applicationname}] can determine this is done regardless of weather this [Domain Controller] is configured to reject [Bind Request] without [LDAPServerIntegrity] !! [Windows Security Log Event] [Message] The messages is similar to: {{{The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a cleartext (non-SSL/TLS-encrypted) LDAP connection. Client IP address: "Value" Identity the client attempted to authenticate as: "Value"}}} !! More Information There might be more information for this subject on one of the following: [{ReferringPagesPlugin before='*' after='\n' }] ---- * [#1] - [Event ID 2889 — LDAP signing|https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd941849%28v%3dws.10%29|target='_blank'] - based on information obtained 2020-01-18 * [#2] - [LDAP signing|https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd941832(v=ws.10)?redirectedfrom=MSDN|target='_blank'] - based on information obtained 2020-01-18 * [#3] - [Identifying Clear Text LDAP binds to your DC's|https://docs.microsoft.com/en-us/archive/blogs/russellt/identifying-clear-text-ldap-binds-to-your-dcs|target='_blank'] - based on information obtained 2020-01-18