Turning off LDAP Anonymous Directory Access Permitted on Windows Server 2013 R2

How do you turn off LDAP anonymous on Windows Server 2013 R2 Domain Controller?
rjordanbots Asked:
 
Adam Brown, Sr Solutions Architect, Commented:
If someone enabled Anonymous LDAP binds on your AD in the past, it can be disabled by opening ADSIEdit and connecting to the configuration partition, then navigating to Services > Windows NT > Directory Service. Right-click and select Properties. Go to the attributes tab and check the dsHeuristics attribute. If it is set to 2, anonymous access to LDAP is enabled. Set it to 0 and that will disable it. Note, though, that despite the fact that Anonymous users can perform an LDAP bind if this is set to allow it, they are still limited to actions that are allowed to the anonymous user group.
0
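The check described in the answer above can also be scripted. This is an added example, not code from the thread; it assumes the ActiveDirectory PowerShell module (RSAT) is installed and treats dsHeuristics as a positional string whose seventh character is the anonymous-operations flag. The helper function names are hypothetical.

```powershell
# Added example: audit the dsHeuristics setting that controls anonymous LDAP operations.
# Requires the ActiveDirectory module and read access to the configuration partition.
Import-Module ActiveDirectory

function Test-AnonymousLdapHeuristic {
    param([string]$Heuristics)   # raw dSHeuristics value; empty when the attribute is unset
    # dSHeuristics is positional: the 7th character governs anonymous operations.
    # A value shorter than 7 characters leaves that position at its default (blocked).
    if ([string]::IsNullOrEmpty($Heuristics) -or $Heuristics.Length -lt 7) { return $false }
    return $Heuristics[6] -eq '2'
}

function Get-HardenedHeuristic {
    param([string]$Heuristics)
    # Reset only the 7th character to 0 and keep every other position unchanged,
    # so unrelated settings stored in the same attribute are preserved.
    $chars = $Heuristics.ToCharArray()
    $chars[6] = '0'
    return -join $chars
}

# Build the DN of the Directory Service object in the configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dn = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
$current = (Get-ADObject -Identity $dn -Properties dSHeuristics).dSHeuristics

if (Test-AnonymousLdapHeuristic $current) {
    $fixed = Get-HardenedHeuristic $current
    Write-Output "Anonymous LDAP operations ENABLED (dSHeuristics = '$current')"
    Write-Output "Proposed value: '$fixed'"
    # -WhatIf previews the change without writing it; remove it to apply.
    Set-ADObject -Identity $dn -Replace @{ dSHeuristics = $fixed } -WhatIf
} else {
    Write-Output "Anonymous LDAP operations not enabled by dSHeuristics (value: '$current')"
}
```

Run it from a domain-joined management host with an account that can read the configuration partition; applying the change requires rights to modify that object.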
 
Cliff Galiher Commented:
That is the default configuration. Anonymous access has to be explicitly granted, and usually there is no good reason to do so.
0
 
rjordanbots (Author) Commented:
Sorry, I meant Windows Server 2012 R2
0
 
Cliff Galiher Commented:
Yeah. Since there is no 2013, I knew what you meant. Same answer.
0
 
rjordanbots (Author) Commented:
We had a security company come in and do a network assessment; this was one of the issues on the assessment that my boss wanted me to fix. I realize it is a default config. He did an ldapsearch to anonymously connect to the LDAP service and pulled the Directory Information Tree. I'm just not sure how to go about turning this anonymous access off, though. Or why do you say there isn't a good reason to do so? This is not for the DSE Root account.
0
 
rjordanbots (Author) Commented:
Thanks, Adam, this fixed the solution, appreciate it.
0