enable LDAP in Domain Controller

i am configuring the AD to require LDAP server signing using Group Policy.
Domain controller: LDAP server signing requirements property is disabled. I could not configure this.
what will be the problem?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Think you'll find that settings is controlled under the Domain Controller Group Policy Object.
Enabling anonymous LDAP operations
Launch ADSI Edit (part of support tools) and navigate to:
CN=Directory Service,CN=Windows NT,CN=Services,
Where  is the root domain of your forest (in my case this is DC=antid0t,DC=net)

Right click the "CN=Directory Services" container, choose "Properties" from the context menu and scroll down to the dsHeuristics attribute

If the attribute is not set (has no value), fill in "0000002" in the value field. The last (seventh) character is the one that controls the way you can bind to LDAP service. "0" or no seventh character means that anonymous LDAP operations are disabled. Setting the seventh character to "2" permits anonymous operations (you are still subject to Access Control Lists of the objects in AD)
peterdevadossAuthor Commented:
i cant see CN=Directory Service,CN=Windows NT,CN=Services,
only CN-Builtin, CN-Computers,OU=Domain Controlers,CN-ForeignSecurityPrincipals,CN-LostAndFound.... and so on.
As per my first post, this feature is set under the 'Default Domain Controllers Policy'.

Under Computer Configuration/Policies/Windows Settings/Security Settings/Local Policies/Security Options

The setting is 'Domain Controller: LDAP server signing requirements'

If you change the value under this group policy, it will update all of your AD servers.  Once you've done the change, run 'gpupdate /force' on your AD server to apply the change otherwise wait upto 90 minutes for it to refresh.

Using ADSI edit is not the correct way of setting this value on a DC.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.