Configuring Active Directory LDAP SSL for Windows 2016 server using Microsoft Certificate Services

Created: 2013-05-31 14:37:37
Modified: 2018-10-18 14:26:30

By default, all communication with LDAP servers (including Active Directory) is unencrypted, so any data sent, including credentials, travels in the clear. To protect your data and credentials you must configure the domain controller to accept SSL connections, which means installing a server certificate on the domain controller you want to communicate with.

Install Certificate Manager

  1. Go to Start > Administrative Tools > Server Manager

  2. In the main window under Roles Summary, select Add Roles on the right

  3. Check the box next to “Active Directory Certificate Services” (this should take you straight to the Add Features prompt)

  4. Click Add Features, then click Next three times.

  5. Confirm “Active Directory Certificate Services” is selected. Click Install, then click Close.

  6. Return to Server Manager; a yellow flag with an alert ( ! ) should appear at the top right. Click it, and under “Post-deployment Configuration” click “Configure AD Cert Svc” to begin configuration. (You can mostly accept the defaults.)

  7. On the Credentials page, click Next.

  8. CHECK Certification Authority and click Next

  9. Leave Enterprise selected and click Next

  10. Leave Root CA selected and click Next

  11. Leave Create a new private key selected and click Next

  12. Leave the defaults for Configure Cryptography for CA and click Next

  13. Leave the defaults for Configure CA Name (the CA name stays as the default) and click Next

  14. Set the validity period to 99 years (or your choice) and click Next

  15. Database locations: leave the defaults and click Next.

  16. Click Configure

  17. Confirm “Configuration Succeeded” and click Close

  18. Close the Server Manager

Continue below to configure the automatic certificate request.

Configure Automatic Certificate Request

  1. Run gpmc.msc (Start > Search box, or from a Command Prompt)

  2. The Group Policy Management window will appear. In the left pane, navigate to:
    • Group Policy Management
      • YourForest
        • Domains
          • YourDomain
            • Group Policy Objects
              • Default Domain Controllers Policy

  3. Click Default Domain Controllers Policy and select Edit.

  4. Navigate to Default Domain Policy, then:
    • Computer Configuration
      • Policies
        • Windows Settings
          • Security Settings
            • Public Key Policies
              • Automatic Certificate Request Settings

  5. Right-click and select New

  6. Select Automatic Certificate Request and click Next

  7. Leave the defaults and click Next

  8. Click Finish
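To confirm that the domain controller actually received a certificate through the automatic request and is now accepting LDAP over SSL on port 636, the following PowerShell check can be used. It is an added example, not part of the original article; it assumes a domain-joined Windows machine, that `dc01.corp.example` is a placeholder for your domain controller's FQDN, and that the autoenrolled certificate has already been issued (the policy applies after `gpupdate /force` on the domain controller).

```powershell
# Added LDAPS verification script (not from the original article).
# Assumptions: run as a domain user on a domain-joined machine;
# $DomainController is a placeholder, replace it with your DC's FQDN.
$DomainController = "dc01.corp.example"   # placeholder

# 1. Did the DC get a Server Authentication certificate (OID 1.3.6.1.5.5.7.3.1)?
#    Run this part on the domain controller itself.
$serverCerts = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains "1.3.6.1.5.5.7.3.1" }
if ($serverCerts) {
    $serverCerts | Format-List Subject, Issuer, NotAfter, Thumbprint
} else {
    Write-Host "No server authentication certificate found; check gpupdate /force and the CA's Issued Certificates."
}

# 2. Is the LDAPS port reachable at all? (returns $true or $false)
$portOpen = Test-NetConnection -ComputerName $DomainController -Port 636 -InformationLevel Quiet
Write-Host "Port 636 reachable: $portOpen"

# 3. Perform a real LDAPS bind and inspect the certificate the DC presents.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($DomainController, 636)
$connection = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)
$connection.SessionOptions.SecureSocketLayer = $true
$connection.SessionOptions.ProtocolVersion  = 3
$connection.SessionOptions.VerifyServerCertificate = {
    param($conn, $cert)
    $x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cert)
    Write-Host "Server certificate: $($x509.Subject) issued by $($x509.Issuer), expires $($x509.NotAfter)"
    # Only accept the connection if the chain builds to a trusted root (the
    # enterprise CA configured above). Returning $false makes Bind() fail
    # rather than silently trusting an unknown certificate.
    return $x509.Verify()
}
$connection.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
try {
    $connection.Bind()
    Write-Host "LDAPS bind to $DomainController succeeded."
} catch {
    Write-Host "LDAPS bind failed: $($_.Exception.Message)"
}
```

The certificate-store check belongs on the domain controller; the port and bind checks can run from any domain member. If port 636 is closed, the domain controller has not yet enrolled a certificate (re-run `gpupdate /force` and look at the CA's Issued Certificates). If the bind fails with a certificate error, the client does not trust the issuing CA; an enterprise CA's root certificate is normally distributed to domain members automatically, so this usually points at a non-domain client or a certificate issued for the wrong name.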

If you have followed these steps to configure LDAP SSL and are still having issues, please contact your Microsoft support resource.
