Post on 15-Sep-2018
Responding to a Active Directory Warning ‐ Event ID 2886
June 21, 2011
Copyright © 2011 by World Class CAD, LLC. All Rights Reserved.
Responding to Server Warnings
We observe there isa single warning forthe Active Directoryrole on the 2008Server. We doubleclick on the warningto read about theproblem.
The Event Properties Window
The warning is Event ID2886 concerning LDAPsigning and computersecurity. We decide toinvestigate the warningfurther and we doubleclick on the moreinformation hyperlink.
Microsoft Support Website
The 2886 Warning istitled “How to enableLDAP signing in WindowsServer 2008”. In thearticle, we can changethe Group Policy for LDAPsigning to enhance theserver’s security.
The next slides will takeus through the procedureand they include imagesfor each step.
Running Microsoft Management Console (MMC)
To begin the process, we click on theStart button and then select Run andtype “mmc” and the OK button.
MMC stands for the MicrosoftManagement Console that allows theAdministrator of a server to createcustom consoles to manage theirmachine.
Add Group Policy Management Editor
In the Available Snap‐ins , we will choose Group Policy Management Editor and then we press the Add button.
The Group Policy Wizard
The Group Policy Object (GPO)textbox is empty in the GroupPolicy Wizard window so we willwant to select the Browsebutton.
Choose the Policy
In the Browse for a Group PolicyObject window, we highlightDefault Domain Policy and thenwe press the OK button. We seethe Default Domain Policy in theGPO textbox and we select Finish.
Default Domain Policy Snap In
We see the DefaultDomain Policy SnapIn in the right pane,so we press the OKbutton.
Expanding the Domain Policies FolderWe now will expand the Default Domain Controller Policy, then Computer Configuration, Policies, Windows Settings, Security Settings, Local Policies, and then Security Options. We double click on Domain controller: LDAP server signing requirements to open the Properties window.
Domain controller: LDAP Server Signing Requirements
The Domain controller: LDAP serversigning requirements properties windowshould be changed by annotating theDefine this policy setting checkbox. Thenwe choose “Require signing” and wepress the Apply button.