ICT-Hotlist Topic

The security of a Windows 2008 (R2) Active Directory server can be significantly improved by configuring the server to accept only signed or SSL/TLS LDAP binds.

Microsoft announced it will be hardening security for access to Active Directory starting in 2023.
By default, a Windows 2008 (R2) Active Directory server is configured to be backward compatible with Windows 2000 / NT and XP. Now that these operating systems have been replaced (Microsoft has not supported them for months or even years), security can be significantly improved by configuring the server to reject Simple Authentication and Security Layer (SASL) LDAP binds that do not request signing (integrity verification), or to reject LDAP simple binds that are performed on a clear-text (non-SSL/TLS-encrypted) connection. SASL binds may use protocols such as Negotiate, Kerberos, NTLM, and Digest. This document has information about:
  • How to discover clients that do not use the "Require signing" option
  • How to configure the directory to require LDAP server signing
  • The FixIt tool (50518)

How to verify current Authentication level:

  • Click Start, click Run, type ldp.exe, and then click OK.
  • Under the Connection menu, click Connect.
  • In the Server field and in the Port field, type the server name and the non-SSL/TLS port of your directory server, and then click OK.
    Note: For an Active Directory Domain Controller, the applicable port is 389.
  • After a connection is established, select Bind on the Connection menu.
  • Under Bind type, select Simple bind.
  • Type the user name and password, and then click OK.
    If you receive the following error message, you have successfully secured your directory server:
    Ldap_simple_bind_s() failed: Strong Authentication Required
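
The same check scripted in PowerShell, as an added example that is not part of the original page: it attempts a simple bind on the non-SSL/TLS port through System.DirectoryServices.Protocols and reports whether the server refused it with LDAP result code 8 (strongAuthRequired). The function name Test-LdapSimpleBindRejected and the server name dc01.example.test are assumptions for illustration.

```powershell
# Added example: scripted equivalent of the ldp.exe simple-bind test above.
# If the server still accepts simple binds, the password crosses the network
# in clear text, so run this with a low-privilege test account.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapSimpleBindRejected {   # hypothetical helper name
    param(
        [Parameter(Mandatory=$true)] [string] $Server,
        [Parameter(Mandatory=$true)] [System.Management.Automation.PSCredential] $Credential,
        [int] $Port = 389                # non-SSL/TLS port of a Domain Controller
    )

    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic   # simple bind
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.Credential = $Credential.GetNetworkCredential()

    $status = 'Unknown'; $detail = ''
    try {
        $conn.Bind()
        $status = 'Accepted'             # server is NOT enforcing signing/TLS
        $detail = 'Simple bind succeeded on a clear-text connection.'
    }
    catch {
        $ex = $_.Exception.GetBaseException()
        $detail = $ex.Message
        if ($ex -is [System.DirectoryServices.Protocols.LdapException]) {
            switch ($ex.ErrorCode) {
                8       { $status = 'Rejected' }            # strongAuthRequired: hardened
                49      { $status = 'InvalidCredentials' }  # inconclusive, retry with valid account
                81      { $status = 'ServerUnavailable' }   # name, port or firewall problem
                default { $status = "LdapError$($ex.ErrorCode)" }
            }
        }
    }
    finally { $conn.Dispose() }

    New-Object PSObject -Property @{
        Server = $Server; Port = $Port; Status = $status; Detail = $detail
    }
}

# Usage (server name is a placeholder):
# Test-LdapSimpleBindRejected -Server 'dc01.example.test' -Credential (Get-Credential)
```

A Status of Rejected corresponds to the "Strong Authentication Required" message in ldp.exe; Accepted means the server still allows clear-text simple binds.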


Scripts and programming examples disclaimer

Unless stated otherwise, the script sources and programming examples provided are copyrighted freeware. You may modify them, as long as a reference to the original code and hyperlink to the source page is included in the modified code and documentation. However, it is not allowed to publish (copies of) scripts and programming examples on your own site, blog, vlog, or distribute them on paper or any other medium, without prior written consent.
Many of the techniques used in these scripts, including but not limited to modifying the registry or system files and settings, impose a risk of rendering the Operating System inoperable and loss of data. Make sure you have verified full backups and the associated restore software available before running any script or programming example. Use these scripts and programming examples entirely at your own risk. All liability claims against the author in relation to material or non-material losses caused by the use, misuse or non-use of the information provided, or the use of incorrect or incomplete information, are excluded. All content is subject to change and provided without obligation.
Generated by WebHalla™ Version 0.1.e.7 : Thursday 30-5-2024 © Copyright 1995-2024 ing. Johan P.G. van Soest CIPM Certified Privacy Information Manager