
Explorer.exe Making Connection on LDAP Port 389
Cybersecurity, Network Traffic, Sysmon, LDAP
A SOC analyst with less than a year of experience detected a Sysmon event code 3 where an explorer.exe process, running on a database server, established a connection with the primary domain controller on destination port 389 (LDAP). This analyst observed only one instance of this activity and found no similar documentation online or in other projects he has monitored. He is seeking explanations for why this behavior is occurring and whether it is normal.
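
One way to check how rare such a connection is in collected Sysmon data, as an added example that is not part of the original post: the script parses event ID 3 records in the Windows event XML layout and counts port 389 connections per host, process image and destination. The sample events, host names and addresses are constructed, and the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(computer, image, dst_ip, dst_port):
    """Build one constructed Sysmon network-connection record (sample data)."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>3</EventID><Computer>{computer}</Computer></System>"
        "<EventData>"
        f'<Data Name="Image">{image}</Data>'
        f'<Data Name="DestinationIp">{dst_ip}</Data>'
        f'<Data Name="DestinationPort">{dst_port}</Data>'
        "</EventData></Event>"
    )

# Constructed sample events; host names and addresses are made up.
SAMPLE_EVENTS = [
    _event("db01.corp.example", r"C:\Windows\System32\lsass.exe", "10.0.0.10", 389),
    _event("db01.corp.example", r"C:\Windows\System32\lsass.exe", "10.0.0.10", 389),
    _event("db01.corp.example", r"C:\Windows\System32\svchost.exe", "10.0.0.10", 389),
    _event("db01.corp.example", r"C:\Windows\explorer.exe", "10.0.0.10", 389),
    _event("db01.corp.example", r"C:\Windows\explorer.exe", "10.0.0.20", 443),
    _event("ws07.corp.example", r"C:\Windows\explorer.exe", "10.0.0.10", 389),
]

def parse_event(xml_text):
    """Return (event_id, computer, fields) for one Sysmon event XML string."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    computer = root.findtext("e:System/e:Computer", namespaces=NS)
    fields = {d.get("Name"): d.text for d in root.iterfind("e:EventData/e:Data", NS)}
    return event_id, computer, fields

def ldap_connections(events, port=389):
    """Count event ID 3 connections to `port`, keyed by (host, image, dest IP)."""
    counts = Counter()
    for xml_text in events:
        event_id, computer, f = parse_event(xml_text)
        if event_id == 3 and f.get("DestinationPort") == str(port):
            counts[(computer.lower(), f["Image"].lower(), f["DestinationIp"])] += 1
    return counts

def rare_ldap_clients(events, max_count=1):
    """Return the (host, image, dest IP) tuples seen at most `max_count` times."""
    return sorted(k for k, n in ldap_connections(events).items() if n <= max_count)

if __name__ == "__main__":
    for key, n in ldap_connections(SAMPLE_EVENTS).most_common():
        print(n, *key)
```

Run over a longer export window, the per-image counts show whether explorer.exe on this server is a one-off LDAP client or one that recurs on other hosts.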