We need to test changes on our clients that are logging Event ID 2889:
"The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a cleartext (non-SSL/TLS-encrypted) LDAP connection."
Event 2887 suggests following http://support.microsoft.com/kb/935834 on directory servers to reject unsigned binds.
I do not want to configure the server signing and break some running applications before testing, as it says:
"Clients that rely on unsigned SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds or on LDAP simple binds over a non-SSL/TLS connection stop working after you make this configuration change"
Can I make configuration changes on only one of my directory servers to test LDAP signing, and on one of the clients configure the local computer policy:
Network security: LDAP client signing requirements - Require signing
Please suggest what else is required on the client side to get this to work.