Event ID 2887: LDAP signing
Description: This event is logged each time a client computer attempts an unsigned LDAP bind. It records the client IP address and the account name that was used when the client computer attempted to authenticate.
Reasons to monitor this event:
When unsigned binds occur, the domain controller will log Event ID 2887 every 24 hours, indicating how many unsigned binds have occurred. If you want to learn specifically which client computers are using unsigned binds to the domain controller, you can enable diagnostic logging for LDAP Interface Events.
- ADAudit Plus offers real-time alerts and graphical reports that are generated when unsigned binds occur in the LDAP interface.
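One way to carry out the diagnostic-logging step described above, as an added PowerShell example that is not part of the original page or of ADAudit Plus. It assumes the standard NTDS diagnostics registry value `16 LDAP Interface Events` and the per-bind Event ID 2889 that level 2 writes to the Directory Service log; the function names are hypothetical.

```powershell
# Added example. Run in an elevated session on the domain controller being audited.
$DiagKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$DiagName = '16 LDAP Interface Events'

function Set-LdapInterfaceLogging {
    # Level 2 makes the DC log one event per unsigned bind; 0 restores the default.
    param([ValidateRange(0, 5)][int]$Level)
    Set-ItemProperty -Path $DiagKey -Name $DiagName -Value $Level -Type DWord
}

function Get-UnsignedLdapBind {
    # Summarise per-bind events (assumed ID 2889) from the last $Hours hours.
    param([int]$Hours = 24)
    $filter = @{
        LogName   = 'Directory Service'
        Id        = 2889
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    $binds = foreach ($e in $events) {
        # Event data: [0] = client as "ip:port", [1] = account used for the bind
        $client = [string]$e.Properties[0].Value
        $cut    = $client.LastIndexOf(':')      # strip the source port, IPv6-safe
        [pscustomobject]@{
            ClientIP = if ($cut -gt 0) { $client.Substring(0, $cut) } else { $client }
            Account  = [string]$e.Properties[1].Value
            Time     = $e.TimeCreated
        }
    }

    # One row per client/account pair, busiest first, with the latest bind time
    $binds | Group-Object ClientIP, Account | ForEach-Object {
        [pscustomobject]@{
            ClientIP = $_.Group[0].ClientIP
            Account  = $_.Group[0].Account
            Binds    = $_.Count
            LastSeen = ($_.Group | Measure-Object Time -Maximum).Maximum
        }
    } | Sort-Object Binds -Descending
}

# Typical sequence:
#   Set-LdapInterfaceLogging -Level 2      # start per-bind logging
#   ... wait for a representative period, e.g. 24 hours ...
#   Get-UnsignedLdapBind -Hours 24 | Export-Csv .\unsigned-ldap-binds.csv -NoTypeInformation
#   Set-LdapInterfaceLogging -Level 0      # stop per-bind logging
```

Per-bind logging can be noisy on a busy domain controller, so return the level to 0 once the client inventory is complete.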