According to Microsoft, LDAP binding and signing will automatically be enforced on January 2020.
I have enabled LDAP logging on domain controllers.
Set-ItemProperty hklm:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics -Name '16 LDAP Interface Events' -Value 2
It appears that the vCenter is comming out in the "Directory Service" log with a lot of 2889 events:
The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification),
or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection.
Does anyone know how to make the vCenter (vSphere 6.7U3) use LDAP binding (No anonymous or Simple but SASL authentication) and signing?