en-US

Extended Protection for LDAP Authentication (Domain Controllers only) (DEPRECATED)

Supported on: Windows Server 2008 and newer

Registry

HKLM System\CurrentControlSet\Services\NTDS\Parameters

Value name: LdapEnforceChannelBinding

Options

LdapEnforceChannelBinding enum
  • Enabled, always (recommended) -> 2
  • Enabled, when supported -> 1
  • Disabled -> 0

Description

Beginning with the Windows 10 and Windows Server v2004 security baseline this setting has been moved to Security Options\Domain controller: LDAP server channel binding token requirements.