Help Center/ Workspace/ FAQs/ FAQs for Administrators/ How do I Enable LDAPS on the AD Server?
Updated on 2024-02-27 GMT+08:00

How do I Enable LDAPS on the AD Server?

If an enterprise needs to enable LDAPS so that cloud desktops can communicate with AD server applications using LDAPS, perform the following operations:

Enabling LDAPS on the Active AD Server

  1. Log in to the active AD server. On the taskbar in the lower left corner, click and click Server Manager. The server configuration page is displayed, as shown in Figure 1.

    Figure 1 Server manager

  2. In the Dashboard tab page, click Add roles and features. The Add Roles and Features Wizard dialog box is displayed.
  3. Click Next until the Select destination server page is displayed.
  4. Select a destination server.

    To obtain the name and IP address of the destination server, choose Tools > Active Directory Users and Computers > Domain Controllers on the Dashboard tab page of Server Manager.

  5. Click Next. The Select server roles page is displayed.
  6. Click Active Directory Certificate Services.
  7. Retain the default settings and click Add Features.
  8. Click Next until the Select role services page is displayed.
  9. Select Certification Authority Web Enrollment and click Add Features.
  10. Select Certification Enrollment Policy Web Service and click Add Features.
  11. Click Next until the confirmation page is displayed.
  12. Click Install.
  13. After the installation is complete, click Configure Active Directory Certificate Services on the destination server under Active Directory Certificate Services, as shown in Figure 2. The AD CS Configuration page is displayed.

    Figure 2 Configuring the Active Directory certificate service

  14. Retain the default settings and click Next. The Role Services page is displayed.
  15. Select Certificate Authority, Certificate Authority Web Enrollment, and Certificate Enrollment Policy Web Service, and click Next. The Setup Type page is displayed.
  16. Select Enterprise CA and click Next. The Specify the type of the CA page is displayed.
  17. Select Root CA and click Next. The Specify the type of the private key page is displayed.
  18. Select Create a new private key and click Next. The encryption configuration page is displayed.
  19. Set Key length to 2048 and select SHA256 for the hash algorithm for signing certificates issued by the CA. Retain the default values for other parameters, as shown in Figure 3.

    Figure 3 Cryptography settings

  20. Click Next.
  21. Select Select a certificate and assign it later for SSL and click Next. The confirmation page is displayed.
  22. Click Configure.
  23. After the configuration is complete, click Close.
  24. Restart the active AD server.

Verifying the LDAPS Connection of the Active AD Server

  1. On the desktop of the active AD server, click and enter Ldp to start Ldp.
  2. On Connection, click Connect.
  3. In Server, enter the domain name to be connected, for example, vdesktop.domain.com.

    To obtain the target domain name, choose Tools > Active Directory Domains and Trusts on the Dashboard tab page of Server Manager. The domain list page is displayed. The required domain name is displayed in the Name column, as shown in Figure 4.
    Figure 4 Domain name

  4. Enter 636 in Port.
  5. Select SSL.
  6. Click OK.

    If RootDSE information is displayed in the right pane, the connection is successful.

Enabling LDAPS on the Standby AD Server

  1. On the desktop of the active AD server, click and enter Run to start the application.
  2. Enter mmc in Open to go to Console Root.
  3. Choose File > Add/Remove Snap-ins.
  4. In the Available snap-ins list, double-click Certificates.
  5. Select Computer account and click Next to select a computer.
  6. Select Local computer: (the computer this console is running on), click Finish, and click OK.
  7. Under the Console Root, expand Certificates.
  8. Choose Personal > Certificates.
  9. Right-click the certificate whose Intended Purposes is All and choose All Tasks > Export. The certificate export wizard page is displayed.
  10. Click Next.
  11. Select Yes, export the private key and click Next.
  12. Select Personal Information Exchange-PKCS#12(.PFX), select Include all certificates in the certification path if possible, and click Next. The security configuration page is displayed.
  13. Select Group or user names, select Password, and set the password. Click Next.

    Record the password, which will be used when you import a certificate.

  14. Click Browse, select a path for storing the certificate, set the certificate name, click Save, and click Next. The information confirmation page is displayed.
  15. Confirm the configurations and click Finish.
  16. Log in to the standby AD server.
  17. Copy the active AD server certificate exported from 15 to the standby AD server.
  18. Open Server Manager.
  19. In the Dashboard tab page, click Add roles and features. The Add Roles and Features Wizard dialog box is displayed.
  20. Click Next until the Select destination server page is displayed.
  21. Select a destination server.

    To view the name and IP address of the destination server, choose Tools > Active Directory Users and Computers > Domain Controllers on the Dashboard tab page of Server Manager.

  22. Click Next. The Select server roles page is displayed.
  23. Click Active Directory Certificate Services.
  24. Retain the default settings and click Add Features.
  25. Click Next until the Select role services page is displayed.
  26. Select Certification Authority Web Enrollment and click Add Features.
  27. Select Certification Enrollment Policy Web Service and click Add Features.
  28. Click Next until the confirmation page is displayed.
  29. Click Install.
  30. After the installation is complete, click Configure Active Directory Certificate Services on the destination server under Active Directory Certificate Services, as shown in Figure 5. The AD CS Configuration page is displayed.

    Figure 5 Configuring the Active Directory certificate service

  31. Retain the default settings and click Next. The Role Services page is displayed.
  32. Select Certificate Authority, Certificate Authority Web Enrollment, and Certificate Enrollment Policy Web Service, and click Next. The Setup Type page is displayed.
  33. Select Enterprise CA and click Next. The Specify the type of the CA page is displayed.
  34. Select Root CA and click Next. The Specify the type of the private key page is displayed.
  35. Select Use existing private key, select Select a certificate and use its associated private key, and click Next.
  36. Click Import, select the certificate file copied to the standby AD server in 17, enter the password set in 13, and click OK.
  37. After the certificate is imported, select the certificate in the Certificates list and click Next.
  38. Select Select a certificate and assign it later for SSL and click Next. The confirmation page is displayed.
  39. Click Configure.
  40. After the configuration is complete, click Close.
  41. Restart the standby AD server.

Verifying the LDAPS Connection of the Standby AD Server

  1. On the desktop of the standby AD server, click and enter Ldp to start Ldp.
  2. On Connection, click Connect.
  3. In Server, enter the domain name to be connected, for example, vdesktop.domain.com.

    To obtain the target domain name, choose Tools > Active Directory Domains and Trusts on the Dashboard tab page of Server Manager. The domain list page is displayed. The required domain name is displayed in the Name column, as shown in Figure 6.
    Figure 6 Domain name

  4. Enter 636 in Port.
  5. Select SSL.
  6. Click OK.

    If RootDSE information is displayed in the right pane, the connection is successful.