Can someone please confirm that to implement LDAP Channel Binding changes now (as opposed to waiting for the March and future patch) all we need to do is change the following:
- Set BOTH the Network security: LDAP client signing requirements and Domain controller: LDAP server signing requirements settings to Required in the Default Domain Policy and Default Domain Controller Group Policy Objects (GPO).
- Set the LdapEnforceChannelBinding registry key on our domain controllers.
Is this all we need to do, and are we good to go? Is there nothing else we need to do during the March or a future patch once this is in place today?
In this https://www.petri.com/microsoft-delays-ldap-signing-and-channel-binding-changes-in-active-directory post it states we should enable both settings on both the default domain policy and default domain controller policy, but based on some thread discussions here, that is not the case?
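
A read-only check of the settings named in the post above, added here as an example and not part of the original post: run on a domain controller, it reports what the two signing policies and LdapEnforceChannelBinding currently resolve to in the registry. The registry paths and value meanings are the ones Microsoft documents for these settings; the script structure and output column names are assumptions of this example.

```powershell
# Added example: reports the effective registry state of the LDAP signing
# policies and the channel binding value. Makes no changes to the system.
$settings = @(
    @{ Label = 'Domain controller: LDAP server signing requirements'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Name  = 'LDAPServerIntegrity'
       Map   = @{ 1 = 'None'; 2 = 'Require signing' } },
    @{ Label = 'Network security: LDAP client signing requirements'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\ldap'
       Name  = 'LDAPClientIntegrity'
       Map   = @{ 0 = 'None'; 1 = 'Negotiate signing'; 2 = 'Require signing' } },
    @{ Label = 'LDAP channel binding (registry only)'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Name  = 'LdapEnforceChannelBinding'
       Map   = @{ 0 = 'Never'; 1 = 'When supported'; 2 = 'Always' } }
)

foreach ($s in $settings) {
    # A missing value means the GPO or registry change has not reached this machine.
    $item = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $data    = $null
        $meaning = 'Not set (OS default applies)'
    }
    else {
        $data    = [int]$item.($s.Name)
        $meaning = if ($s.Map.ContainsKey($data)) { $s.Map[$data] } else { 'Unrecognised value' }
    }

    [pscustomobject]@{
        Setting       = $s.Label
        RegistryValue = $s.Name
        Data          = $data
        Meaning       = $meaning
    }
}
```

The NTDS\Parameters key exists only on domain controllers, so on a member server or workstation only the client signing row is meaningful.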