Disable signed or encrypted LDAP traffic

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To disable signed or encrypted LDAP traffic

  1. Open Registry Editor.

    Caution

    • Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. You can also use the Last Known Good Configuration startup option if you encounter problems after manual changes have been applied.
  2. In Registry Editor, navigate to the following registry key:

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AdminDebug
  3. Click Edit, point to New, and then click DWORD Value.

  4. In the text box that appears, type ADsOpenObjectFlags, and then press ENTER.

  5. Double-click the ADsOpenObjectFlags registry value you just created, and then change Value data to one of the following values:

    Value data (Hexadecimal)    Disables
    1                           Signing
    2                           Encryption
    3                           Encryption and Signing

Caution

  • This procedure will disable the use of signed or encrypted LDAP traffic for some Active Directory administrative tools. It is recommended that you avoid disabling this feature. For more information, see Related Topics.
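To check whether this setting is in place on a computer where the administrative tools run, the following added example (not part of the original procedure) reads the value named in steps 2 and 4 and reports which protections its data disables, using the mapping from step 5. It assumes Windows PowerShell 2.0 or later is installed; the function name Get-LdapAdminToolProtectionState is hypothetical.

```powershell
# Added example: read-only audit of the setting described in the procedure above.
# Key path and value name come from steps 2 and 4; the function name is hypothetical.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdminDebug'
$ValueName = 'ADsOpenObjectFlags'

function Get-LdapAdminToolProtectionState {
    param(
        [string]$Path = $KeyPath,
        [string]$Name = $ValueName
    )

    $raw = $null
    if (Test-Path -Path $Path) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($item) { $raw = $item.$Name }
    }

    # Defaults describe the case where the value does not exist.
    $signingDisabled    = $false
    $encryptionDisabled = $false
    $finding            = 'OK: value not set'

    if ($null -ne $raw) {
        # Map the data exactly as the table in step 5 does: 1, 2 or 3.
        switch ([string]$raw) {
            '1' { $signingDisabled = $true }
            '2' { $encryptionDisabled = $true }
            '3' { $signingDisabled = $true; $encryptionDisabled = $true }
        }
        if ($signingDisabled -or $encryptionDisabled) {
            $finding = 'WEAKENED: LDAP protection disabled for admin tools'
        } else {
            # 0 or anything else is not covered by the table; flag for review.
            $finding = "REVIEW: value present with data '$raw' not listed in the table"
        }
    }

    New-Object PSObject -Property @{
        Computer           = $env:COMPUTERNAME
        ValueData          = $raw
        SigningDisabled    = $signingDisabled
        EncryptionDisabled = $encryptionDisabled
        Finding            = $finding
    }
}

$state = Get-LdapAdminToolProtectionState
$state | Format-List Computer, ValueData, SigningDisabled, EncryptionDisabled, Finding
if ($state.Finding -notlike 'OK*') { Write-Warning $state.Finding }
```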

Notes

  • To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open Registry Editor, click Start, click Run, type regedit, and then click OK.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Connecting to domain controllers running Windows 2000
Directory access protocol