Microsoft has announced that from Marts 2020, only secure LDAP request are supported: https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

From the article:

LDAP channel binding and LDAP signing provide ways to increase the security of network communications between an Active Directory Domain Services (AD DS) or an Active Directory Lightweight Directory Services (AD LDS) and its clients. There is a vulerability in the default configuration for Lightweight Directory Access Protocol (LDAP) channel binding and LDAP signing and may expose Active directory domain controllers to elevation of privilege vulnerabilities.  Microsoft Security Advisory ADV190023 address the issue by recommending the administrators enable LDAP channel binding and LDAP signing on Active Directory Domain Controllers. This hardening must be done manually until the release of the security update that will enable these settings by default. 

Microsoft intends to release a security update on Windows Update to enable LDAP channel binding and LDAP signing hardening changes and anticipate this update will be available in March 2020.

And why is this important for the Citrix ADC. Well that is because that we can use 3 mode of LDAP communications on the Citrix ADC:

  • PLAINTEXT:
  • TLS:
  • SSL:

If your configuration uses PLANTEXT, that it will stop working after marts, if you patch your Windows Domain Controllers, and who don’t do that.

Get out there and check your configuration and change it if you are using PLAINTEXT.