peterdevadoss

asked on

enable LDAP in Domain Controller


I am configuring the AD to require LDAP server signing using Group Policy.
Domain controller: LDAP server signing requirements property is disabled. I could not configure this.
What will be the problem?

jakethecatuk

Think you'll find that setting is controlled under the Domain Controller Group Policy Object.
PRIVATEREN

Enabling anonymous LDAP operations
Launch ADSI Edit (part of support tools) and navigate to:
CN=Directory Service,CN=Windows NT,CN=Services,
Where  is the root domain of your forest (in my case this is DC=antid0t,DC=net)

Right click the "CN=Directory Services" container, choose "Properties" from the context menu and scroll down to the dsHeuristics attribute


If the attribute is not set (has no value), fill in "0000002" in the value field. The last (seventh) character is the one that controls the way you can bind to LDAP service. "0" or no seventh character means that anonymous LDAP operations are disabled. Setting the seventh character to "2" permits anonymous operations (you are still subject to Access Control Lists of the objects in AD).
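
To audit this setting on a forest, the following added example (not part of the original post or thread) reads dsHeuristics and reports whether its seventh character permits anonymous LDAP operations. It assumes the ActiveDirectory PowerShell module is installed and takes the Configuration naming context from RootDSE; `Get-AnonymousLdapState` is a hypothetical helper name.

```powershell
# Added example: audit whether dsHeuristics permits anonymous LDAP operations.
# Assumes the ActiveDirectory module (RSAT) and read access to the
# Configuration partition. Get-AnonymousLdapState is a hypothetical helper.
Import-Module ActiveDirectory

function Get-AnonymousLdapState {
    param(
        [AllowNull()][AllowEmptyString()]
        [string]$DsHeuristics
    )

    # Attribute not set, or shorter than seven characters: there is no
    # seventh character, which the post describes as "disabled".
    if ([string]::IsNullOrEmpty($DsHeuristics) -or $DsHeuristics.Length -lt 7) {
        return 'Disabled'
    }

    # Index 6 is the seventh character of the string.
    switch ([string]$DsHeuristics[6]) {
        '0'     { 'Disabled' }
        '2'     { 'Enabled' }
        default { "Unknown ($_)" }
    }
}

# Read the Configuration naming context from RootDSE instead of typing it,
# then build the DN of the Directory Service object from it.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dn       = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
$obj      = Get-ADObject -Identity $dn -Properties dSHeuristics

# Report the raw value next to its interpretation so a reviewer can
# confirm which character drove the result.
[pscustomobject]@{
    DistinguishedName = $obj.DistinguishedName
    dSHeuristics      = $obj.dSHeuristics
    AnonymousLdap     = Get-AnonymousLdapState $obj.dSHeuristics
}
```

An `Enabled` result means unauthenticated clients can perform LDAP operations, limited only by the ACLs on each object, so it should match a documented requirement.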
peterdevadoss

ASKER

I can't see CN=Directory Service,CN=Windows NT,CN=Services,
only CN-Builtin, CN-Computers,OU=Domain Controllers,CN-ForeignSecurityPrincipals,CN-LostAndFound.... and so on.
ASKER CERTIFIED SOLUTION
jakethecatuk
This solution is only available to members.