According to LEM there are lot of Logon Failure from users in differents network, trying to connect to the LDAP server, it seems like a atack but i was wonder if there any chance that this could be something more of the windows side.
According to the logs the users trying to connect using usernames like "test" o somethinng like that