[SSSD-users] Re: Are sssd's AD SASL bindings signed?

2020-09-04 Thread Spike White
All, This is exactly what our cybersecurity team is reporting on. Log event ID 2289 showing up in the AD domain controller logs for Linux clients (using sssd). Upon further research, Microsoft has just released a patch to fix their mis-reporting:

[SSSD-users] Re: Are sssd's AD SASL bindings signed?

2020-09-03 Thread Sumit Bose
On Wed, Sep 02, 2020 at 05:12:45PM -0500, Spike White wrote: James, Really appreciate this detailed answer. Our on-site MS consultant will be back next week, we'll have a big conversation next week. BTW, you reminded me. Our AD team has a few AD DCs configured for this proposed "future

[SSSD-users] Re: Are sssd's AD SASL bindings signed?

2020-09-02 Thread Spike White
James, Really appreciate this detailed answer. Our on-site MS consultant will be back next week, we'll have a big conversation next week. BTW, you reminded me. Our AD team has a few AD DCs configured for this proposed "future state" configuration -- which will break the use case #2 above. I

[SSSD-users] Re: Are sssd's AD SASL bindings signed?

2020-09-02 Thread James Ralston
On Wed, Sep 2, 2020 at 3:17 PM Spike White wrote: > What cybersecurity is reporting off of is a particular event number > on its AD controllers, which is showing a connection to an LDAP > port. > > Is there another (better) event that it should be looking for > instead? I.e., it should be

[SSSD-users] Re: Are sssd's AD SASL bindings signed?

2020-09-02 Thread Lawrence Kearney
I believe it will still connect to the LDAP and GC ports, just the protocol changes. To my knowledge, going with the AD provider might help, but you're using LDAP for a reason instead, I assume. Thinking about it though, LDAP and CLDAP calls will still connect to those ports. -- lawrence On Wed,

[SSSD-users] Re: Are sssd's AD SASL bindings signed?

2020-09-02 Thread Spike White
Thank you. What cybersecurity is reporting off of is a particular event number on its AD controllers, which is showing a connection to an LDAP port. Is there another (better) event that it should be looking for instead? I.e., it should be flagging a simple binding only to an LDAP port. We have

[SSSD-users] Re: Are sssd's AD SASL bindings signed?

2020-09-02 Thread James Ralston
On Wed, Sep 2, 2020 at 1:46 PM Spike White wrote: > I apologize if this has been covered already. But this was just > brought up by our cybersecurity team. They plan to disable > "deprecated protocols". By that, they mean simple LDAP binding to > AD's LDAP port. Because of passing content in