Skip to Main Content
Liongard Library

Welcome to Liongard Library, where Lions share! This is a community-led space where Liongard users can come to teach and learn from one another.
Share custom Metrics, get inspired and see what’s trending in the Pride.

Pride Etiquette:
➕ Have great custom Metrics? Add them as entries!
🌟 Want to use a Metric? Copy the query and
follow this doc.
👍 Tried a Metric from the Library? Like it!
📣 Have a question or feedback on a Metric? Add a comment!
🔎 Not sure where to start? Learn about Metrics and how to write them.
💬 Need help writing a metric or want to help support others? Join the conversation in our Liongard Lounge #metrics slack channel.


🥴 See something off? Open a support chat to let us know.

Categories Active Directory
Created by Lee Mackie
Created on May 9, 2022

Active Directory: Check LDAP Signing Policy

Check LDAP Signing is enabled via Group Policy to ensure mitigation of known vulnerabilities.

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements

To mitigate : Enable "Domain Controller: LDAP server signing" requirements in the "Default Domain Controllers Policy" group policy.

Query

GroupPolicySettings[?contains(KeyPath,`LDAPServerIntegrity`) && Policy ==`Default Domain Controllers Policy`].Value

  • Attach files