Issue
Changing from unencrypted LDAP Port 389 to encrypted LDAPS Port 636
Solution
To configure secure LDAPS, first install Active Directory Certificate Services (AD CS) as an enterprise CA; the steps below assume it is installed on the Domain Controller. An enterprise CA is required because the certificate is requested through the Active Directory Enrollment Policy, which a standalone CA does not provide.
AD CS Configuration
Open the Certification Authority console from Server Manager (Tools / Certification Authority).
Expand the node for your CA server.
Right-click Certificate Templates / Manage.
Action / View Object Identifiers.
Verify that the Server Authentication Object Identifier is 1.3.6.1.5.5.7.3.1. The Domain Controller template carries this Enhanced Key Usage, and Schannel will not use a certificate for LDAPS without it.
On the Domain Controller, run c:\windows\system32\mmc.exe.
File / Add/Remove Snap-in.
Certificates.
Computer account (Local computer).
Finish.
Certificates --> Personal --> Certificates --> All Tasks --> Request New Certificate.
Active Directory Enrollment Policy --> Domain Controller.
Enroll. The certificate is issued into the computer's Personal store; the DC detects the new certificate and starts serving LDAPS without a restart.
Test this with c:\windows\system32\ldp.exe.
Connection --> Connect --> Server: the DC's fully qualified name --> Port 636 --> check SSL. Use the FQDN, not the short name or IP address: the name you connect to must match the subject or SAN of the certificate, or the SSL connection is rejected.
Success!
Active Directory is now ready
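The same enrollment and LDAPS check as a script, added here as an example and not part of the original article. It requests the certificate through the Active Directory Enrollment Policy, confirms the Server Authentication EKU is present, then performs a TLS handshake and an LDAP bind on port 636 with the certificate chain and host name actually verified (ldp.exe reports only success or failure). Assumed: it is run in an elevated PowerShell on the DC after AD CS is installed, and the built-in template is published under its template name "DomainController".

```powershell
# Added example (not from the original article): enroll the Domain Controller
# certificate and verify LDAPS with chain and host-name validation.
# Assumptions: run elevated on the DC; the built-in "DomainController" template
# is published on the enterprise CA.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# 1. Request the certificate via Active Directory Enrollment Policy
#    (same as Request New Certificate / Domain Controller / Enroll in the MMC).
$req = Get-Certificate -Template DomainController -CertStoreLocation Cert:\LocalMachine\My
if ($req.Status -ne 'Issued') { throw "Enrollment not completed: status $($req.Status)" }
$cert = $req.Certificate

# 2. Confirm the issued certificate carries Server Authentication (1.3.6.1.5.5.7.3.1);
#    Schannel will not use it for LDAPS without that EKU.
$eku = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if (-not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })) {
    throw "Certificate $($cert.Thumbprint) lacks the Server Authentication EKU"
}

# 3. TLS handshake on 636. AuthenticateAsClient validates the chain against the
#    machine's trusted roots and checks the host name; it throws on an untrusted
#    issuer, a name mismatch or an expired certificate. The DC picks up a newly
#    enrolled certificate automatically; if this fails immediately after step 1,
#    wait a moment and retry.
$tcp = New-Object System.Net.Sockets.TcpClient($fqdn, 636)
$tls = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
$tls.AuthenticateAsClient($fqdn)
$served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $tls.RemoteCertificate
"Server presented: $($served.Subject) issued by $($served.Issuer) ($($tls.SslProtocol))"
$tls.Dispose(); $tcp.Dispose()

# 4. A real LDAP bind over SSL, which is what ldp.exe does once the SSL box is checked.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$ldapId = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($fqdn, 636)
$ldap = New-Object System.DirectoryServices.Protocols.LdapConnection($ldapId)
$ldap.SessionOptions.SecureSocketLayer = $true
$ldap.SessionOptions.ProtocolVersion = 3
$ldap.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$ldap.Bind()   # throws LdapException if LDAPS is not being served
"LDAPS bind to ${fqdn}:636 succeeded"
$ldap.Dispose()
```

Step 3 is the part worth keeping for later troubleshooting: a client that can connect on 636 but fails the handshake is almost always hitting a name mismatch or a root the client does not trust, and the exception text from AuthenticateAsClient says which.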
Let's configure AdminConsole.
On the Domain Controller, open C:\windows\system32\mmc.exe.
File / Add/Remove Snap-in.
Certificates, Computer account (same as the step above).
Certificates --> Personal --> Certificates.
Highlight the certificate issued to the Domain Controller (the one just enrolled from the Domain Controller template).
Right-click --> All Tasks --> Export. When the wizard asks whether to export the private key, choose No: AdminConsole only needs the public certificate, and the private key must stay on the Domain Controller.
Select Base-64 encoded X.509 (.CER) and save it as AdminConsole.cer.
Copy (or rename) AdminConsole.cer to AdminConsole.pem. No conversion is needed: a Base-64 .cer is already PEM text.
Open the PEM with Notepad.exe; it should begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----. Note that this is the DC's own certificate, so the copy pasted into AdminConsole must be refreshed whenever the Domain Controller certificate is renewed.
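The export step as a script, added here as an example and not part of the original article. It selects the Domain Controller's certificate from the Personal store, writes only the public certificate (the equivalent of answering No to exporting the private key) as Base-64 PEM, and checks that the file reads back as the same certificate before you paste it into AdminConsole. Assumed: the certificate's subject CN is the DC's FQDN (true for the Domain Controller template) and the output path C:\Temp\AdminConsole.pem is a placeholder.

```powershell
# Added example (not from the original article): export the DC certificate,
# without its private key, as Base-64 PEM for AdminConsole.
# Assumptions: subject CN = this host's FQDN; the output path is a placeholder.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$outFile = 'C:\Temp\AdminConsole.pem'

# Newest certificate for this DC that has a private key in the store, i.e. the
# one Schannel can actually use for LDAPS.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$fqdn*" -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate for $fqdn found in Cert:\LocalMachine\My" }

# ContentType Cert exports the DER-encoded public certificate only; the private
# key never leaves the store (same as "No, do not export the private key").
$der = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)

# Wrap in 64-character lines with PEM headers, matching the MMC Base-64 export.
$b64  = [Convert]::ToBase64String($der)
$body = ($b64 -split '(.{64})' | Where-Object { $_ }) -join "`n"
$pem  = "-----BEGIN CERTIFICATE-----`n$body`n-----END CERTIFICATE-----"
New-Item -ItemType Directory -Force -Path (Split-Path $outFile) | Out-Null
Set-Content -Path $outFile -Value $pem -Encoding Ascii

# Sanity check: the PEM file parses back into the same certificate.
$check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $outFile
if ($check.Thumbprint -ne $cert.Thumbprint) { throw "Exported PEM does not match the store certificate" }
"Exported $($cert.Subject), thumbprint $($cert.Thumbprint), valid until $($cert.NotAfter), to $outFile"
```

The thumbprint printed at the end is what to compare against the certificate ldp.exe negotiated, and NotAfter tells you when the pasted copy in AdminConsole will need replacing.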
In AdminConsole, open Directory Settings, then Edit.
Change LDAP Port to 636.
Check "Use SSL".
Copy and paste the PEM contents, including the BEGIN CERTIFICATE and END CERTIFICATE lines, into the SSL Certificate box.
Save.
Test it by clicking Sync Now. A failure here with a working ldp.exe test usually means the pasted certificate does not match the one the DC serves, or the directory server name in AdminConsole is not the FQDN on the certificate.
Set up Auto-Sync for Every Hour
Check the box for the Directory Name
Click Synchronize
Every Hour
OK