Extended Protection for LDAP Authentication (Domain Controllers only) (DEPRECATED)
Supported on: Windows Server 2008 and newer
Registry
HKLM
System\CurrentControlSet\Services\NTDS\Parameters Value name: LdapEnforceChannelBinding
Options
LdapEnforceChannelBinding enum - Enabled, always (recommended)
->
2 - Enabled, when supported
->
1 - Disabled
->
0
Description
Beginning with the Windows 10 and Windows Server v2004 security baseline this setting has been moved to Security Options\Domain controller: LDAP server channel binding token requirements.