You may notice the warning event "NTDS General - The security of this directory server can be significantly enhanced by configuring the server to reject SASL...." in event viewer for the Active Directory Domain Services with regards to LDAP bind. To get rid of the event warning, you can add a Group Policy to configure all domain controllers to reject unsigned and simple LDAP bind requests. Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure. Perform the following on a domain controller or a computer that has Remote Server Administration Tools installed.
- Open the Group Policy Management Console
- Expand Forest, Domains objects until you locate the domain object for the set of domain controllers you want to configure.
- Expand the Domain Controllers object, right-click Default Domain Controllers Policy and then click...