Event ID 2887:LDAP signing.
|Description||This event is logged each time a client computer attempts an unsigned LDAP bind. It the client IP address and the account name that was used when the client computer attempted to authenticate.|
Reasons to monitor this event:
When unsigned binds occur, the domain controller will log Event ID 2887 every 24 hours, indicating how many unsigned binds have occurred. If you want to learn specifically which client computers are using unsigned binds to the domain controller, you can enable diagnostic logging for LDAP Interface Events.
- ADAudit Plus offers real-time alerts and graphical reports that are generated when unsigned binds occur in the LDAP interface.