Now we know the Domain Controller is 172. Hosts with port 88 running Kerberos and port 53 running DNS open, we can strongly assume is the Domain Controller (DC) or a Windows Server.
LDAP transmits over TCP and information is transmitted between client and server using Basic Encoding Rules (BER). Consider Extended protection for authentication helps prevent some relaying attacks by ensuring that the TLS channel used for the connection to the server is the same that the client uses when authenticating. There can be several ways to prevent a username enumeration attack.Prevent ldap enumeration The need for LDAP to be enabled is more complicated then the Admin team just needing access.
