Windows Server Event: 2887

Active Directory Auditing Tool

Knowing who did what, where and when is essential for an administrator to have complete knowledge of all activity in Active Directory. This helps identify both desired and undesired activity. ADAudit Plus provides this information in the form of reports. It audits, monitors and reports in real time on critical network resources such as domain controllers, with complete information on AD objects (Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes), through 200+ detailed event-specific GUI reports and email alerts.


Event ID 2887: LDAP signing.

Description: This event is logged each time a client computer attempts an unsigned LDAP bind. It records the client IP address and the account name that was used when the client computer attempted to authenticate.
Category: LDAP interface
Subcategory: LDAP signing

Reasons to monitor this event:

When unsigned binds occur, the domain controller will log Event ID 2887 every 24 hours, indicating how many unsigned binds have occurred. If you want to learn specifically which client computers are using unsigned binds to the domain controller, you can enable diagnostic logging for LDAP Interface Events.
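The following PowerShell sketch shows one way to enable that diagnostic logging on a domain controller and list the clients behind the unsigned binds. It is an added example, not part of the original page or of ADAudit Plus. It assumes the registry value name and the per-bind event ID 2889 (with its field order) as documented by Microsoft, neither of which appears on this page.

```powershell
# Run in an elevated session on the domain controller being checked.
# Assumption: '16 LDAP Interface Events' is the diagnostics value Microsoft
# documents; level 2 makes the DC log one event 2889 per insecure bind.
$diag = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$name = '16 LDAP Interface Events'
Set-ItemProperty -Path $diag -Name $name -Value 2 -Type DWord

# Daily summary events (2887) from the last week, to confirm the DC is
# still seeing unsigned binds at all.
$log = 'Directory Service'
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 2887 } `
             -MaxEvents 7 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, MachineName, Message | Format-List

# Per-bind detail events (2889) from the last 24 hours.
# Assumed field order: [0] client IP:port, [1] account, [2] bind type.
$since  = (Get-Date).AddDays(-1)
$filter = @{ LogName = $log; Id = 2889; StartTime = $since }
$binds  = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $client = [string]$_.Properties[0].Value
        $type   = [string]$_.Properties[2].Value
        [pscustomobject]@{
            # Strip the ephemeral source port so one host groups together.
            ClientIP = $client.Substring(0, $client.LastIndexOf(':'))
            Account  = [string]$_.Properties[1].Value
            BindType = switch ($type) {
                '0'     { 'Unsigned SASL bind' }
                '1'     { 'Simple bind without TLS' }
                default { "Unknown ($type)" }
            }
        }
    }

# One row per client/account/bind type, busiest first: the list of
# systems to fix before LDAP signing is enforced.
$binds | Group-Object ClientIP, Account, BindType |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Level 2 is verbose on a busy DC; return to the default when finished.
Set-ItemProperty -Path $diag -Name $name -Value 0 -Type DWord
```

Leave the logging level at 2 for at least a full business cycle before reading the results, and run the same collection on every domain controller, since each one only logs the binds it receives.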

Pro tips:

  • ADAudit Plus offers real-time alerts and graphical reports that are generated when unsigned binds occur in the LDAP interface.