This notice highlights recent Microsoft KB conflicts that impact certain LDAP event capture or blocking on Windows Server 2019, 2022, and 2025.
Want the full details? Click the link below!
On February 10, 2026, Microsoft released KB updates that conflict with Netwrix Threat Prevention agents used by Threat Manager for AD to collect AD event data. If these KBs are applied before updating the agents, certain LDAP events will no longer be captured or blocked.
Netwrix recommends delaying the deployment of these KBs if the impacted event types are important to your organization. The Netwrix development and QA teams are working on updated agents compatible with these KBs and will send another notice when they are available.
Important Details
If your Threat Manager for AD deployment does not use Threat Prevention agents for the following activity event collection, or such events are not deemed important, you may elect to deploy the following Microsoft KBs in advance of updated Netwrix Threat Prevention agents.
No other aspect of Threat Manager operation is impacted by the February 10th 2026 KBs beyond what is described below. There is no adverse impact to domain controllers if the KBs are deployed without updating the agents.
Event Types Affected:
LDAP Search activity
LDAP Bind activity
Severity:
MEDIUM
Affected Products:
- Netwrix Threat Prevention for Active Directory
- Netwrix Threat Manager for Active Directory
Affected Systems:
- Windows Server 2025 (for Active Directory)
- Windows Server 2022 (for Active Directory)
- Windows Server 2019 (for Active Directory)
Affected Microsoft KBs:
- Windows Server 2025 KB5075899
- Windows Server 2022 KB5075906
- Windows Server 2019 KB5075904
Impact:
Functional:
-
Windows Server 2025 – KB5075899
- Agents will lose the ability to capture or block LDAP Search activity.
- Agents will lose the ability to capture LDAP Bind activity.
- Log messages observed:
Couldn't resolve LDAP_CONN::SearchRequestCouldn't resolve LDAP_CONN::BindRequest
-
Windows Server 2022 – KB5075906
- Agents will lose the ability to capture or block LDAP Search activity.
- Agents will lose the ability to capture LDAP Bind activity.
- Log messages observed:
Couldn't resolve LDAP_CONN::SearchRequestCouldn't resolve LDAP_CONN::BindRequest
-
Windows Server 2019 – KB5075904
- Agents will lose the ability to capture LDAP Bind activity.
- Log message observed:
Couldn't resolve LDAP_CONN::BindRequest
Stability:
No stability impact on any server platforms or domain controllers
Need help with this update?
There are many different ways to get help with our products!
| Situation | Action |
|---|---|
| If you feel the product is broken and not working as intended… | Contact Support |
| If you have a question you’d like to ask other experts… | Create a discussion in the community: Threat Manager > Discussions & Questions |
| If you have a feature request… | Let our product team know directly: Threat Manager > Ideas |
| If you have something cool to show… | Show everyone what you built: Threat Manager > Show & Tell |
What are your thoughts?
We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!