Microsoft ADV190023 – LDAP Binding and Signing
Many people are asking about the impact of the changes Microsoft are implementing as part of ADV190023, so we thought it was worth putting this post up to help customers understand the implications of those changes.
ADV190023 was originally planned for release in March 2020 as part of a two-stage update. It now looks like this will be delayed; however, the changes it makes can also be implemented manually if needed. ADV190023 is detailed in this link.
A much more useful document, however, is available here; both are published and maintained by Microsoft. The first point to note is that the second document states:
“The March 2020 updates do not make changes to LDAP signing or channel binding policies or their registry equivalent on new or existing domain controllers.”
As such, Microsoft is basically putting the foundations in place to enable this functionality in the future. That said, LDAP Binding and Signing is clearly a good idea.
If you are running Cirros software, you will be pleased to know that we have enabled all of the LDAP Binding and Signing security settings in a test environment and the Cirros software is 100% compatible with these settings. If you enable LDAP Binding without LDAP Signing, no changes will be needed at all. If you enable LDAP Signing and do not currently import users from Active Directory over SSL, a small amount of reconfiguration will be required; if this is the case, please contact our support desk to make these changes for you.