Hi, thanks for the response.
There are no 3039 events with any event source in the Directory Service log.
Yet there are summary events with event id 3040 saying that "During the previous 24 hours period, 1 unprotected LDAPS binds were performed. "
So why is there no 3039 event showing me the detail of that LDAPS bind?
As mentioned above, all domain controllers have recent patches installed which is a prerequisite for getting the 3039 events.