How To Setup LDAPS on Windows Domain Controller Tutorial

thanks maaan

So, you are saying is all you do to get the needed certs is to install the AD CA run the LDP connection tests and then reboot the server and it will automatically create the needed certs for any DCs you run the LDP tests on a then reboot?

I guess permissions of duplicate certificate created was required some auto enrollment 😛

thanks for the demo, if I need to install this for the first time in my domain to enable ldaps, would all my member servers need to rebooted?

thank you so much !

My enterprise CA is disabled, and i continued with standalone , but after successful configuration i cant see anything under issued certificates even after restart. Also i am not able to connect through ldp.exe both for 389 and 636.

Hello,
It was clean enough to follow step by step.
Thanks a lot for the demo !!!!!!

Video very intuitive. If I want to restrict LDAP and allow my clients to only authenticate LDAPS would I need force that via my Domain Controller/Domain policies with the option just allow signing request? Is there additional steps beyond enabling signing request only?

But what if i have CA role on member server not on any DCs .. how i can import the certificate?? Please help

i plan on installing LDAPS on our RODC for our 69 branches, will this work?

Thank you so much!!!

Hello,
That was great and straight forward. Very helpful thanks a Million.

Installing a CA on a domain is horrible advice...

This video helped me tremendously!! I was building out a Forticlient Cloud EMS server for VPN and all of our root CA Certs were expired and couldn't figure out how to setup LDAPS on DCs. Thanks Sooooo Much!! Do you know how I can export the .PEM file for this Root CA cert to upload to Forticlient Cloud EMS server?

Hi thanks ! What about non ad joined machines can they connect?

Useful video. Can this work with other type OS like Linux machines? I want them (Linux) to be authenticated against the LDAPS server. Thanks.

where is ldp its not available in my machine, cant find any download link also

For security reason you don't want root CA's turned on all the time. You need DCs to be turned on so this is the issue. So far I haven't found anyone setup LDAPS without installing a root ca on a DC, makes me sad.

Thanks for the tutorial. It was very helpful!

If LDAPS:636 is enabled on a Domain Controller, can other connections still utilize LDAP:389 w/out any issues?

What if the certificate is not enrolled - when doing the same steps as you just did - how to troubleshoot that