peterdevadoss
asked on
enable LDAP in Domain Controller
i am configuring the AD to require LDAP server signing using Group Policy.
Domain controller: LDAP server signing requirements property is disabled. I could not configure this.
what will be the problem?
Think you'll find that settings is controlled under the Domain Controller Group Policy Object.
Enabling anonymous LDAP operations
Launch ADSI Edit (part of support tools) and navigate to:
CN=Directory Service,CN=Windows NT,CN=Services,
Where is the root domain of your forest (in my case this is DC=antid0t,DC=net)
Right click the "CN=Directory Services" container, choose "Properties" from the context menu and scroll down to the dsHeuristics attribute
If the attribute is not set (has no value), fill in "0000002" in the value field. The last (seventh) character is the one that controls the way you can bind to LDAP service. "0" or no seventh character means that anonymous LDAP operations are disabled. Setting the seventh character to "2" permits anonymous operations (you are still subject to Access Control Lists of the objects in AD)
Launch ADSI Edit (part of support tools) and navigate to:
CN=Directory Service,CN=Windows NT,CN=Services,
Where is the root domain of your forest (in my case this is DC=antid0t,DC=net)
Right click the "CN=Directory Services" container, choose "Properties" from the context menu and scroll down to the dsHeuristics attribute
If the attribute is not set (has no value), fill in "0000002" in the value field. The last (seventh) character is the one that controls the way you can bind to LDAP service. "0" or no seventh character means that anonymous LDAP operations are disabled. Setting the seventh character to "2" permits anonymous operations (you are still subject to Access Control Lists of the objects in AD)
ASKER
i cant see CN=Directory Service,CN=Windows NT,CN=Services,
only CN-Builtin, CN-Computers,OU=Domain Controlers,CN-ForeignSecur ityPrincip als,CN-Los tAndFound. ... and so on.
only CN-Builtin, CN-Computers,OU=Domain Controlers,CN-ForeignSecur
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.