Will Dormann on Twitter: "If "Domain Controller: LDAP server signing requirements" is set to "Require signing", this appears to block the exploit at the stage of relaying kerberos authentication to LDAP. https://t.co/o6rDeU6AIC" /
How to Configure Active Directory Server Profile for Group Mapp... - Knowledge Base - Palo Alto Networks
LDAP over SSL (LDAPS) Certificate - TechNet Articles - United States (English) - TechNet Wiki
Windows Server DomainController find LDAP binds - IT koehler blog