Would you like to learn how to install the Active Directory service and enable the LDAP over SSL feature on a computer runnin Windows server?In this tutorial, we are going to show you how enable the LDAP over SSL feature on a computer running Windows server.

• Windows 2012 R2

Hardware List:

The following section presents the list of equipment used to create this Windows tutorial.

Every piece of hardware listed above can be found at Amazon website.

Windows Playlist:

On this page, we offer quick access to a list of videos related to Windows installation.

Don't forget to subscribe to our youtube channel named FKIT.

Windows Related Tutorial:

On this page, we offer quick access to a list of tutorials related to Windows.

Tutorial - Active Directory Installation on Windows

• IP - 192.168.15.10.
• Operacional System - Windows 2012 R2
• Hostname - TECH-DC01
• Active Directory Domain: TECH.LOCAL

If you already have an Active Directory domain, you may skip this part of the tutorial.

Open the Server Manager application.

Access the Manage menu and click on Add roles and features.

Windows 2012 add role

Access the Server role screen, select the Active Directory Domain Service and click on the Next button.

active directory installation

On the following screen, click on the Add features button.

active directory windows installation

Keep clicking on the Next button until you reach the last screen.

windows install active directory

On the confirmation screen, click on the Install button.

active directory installation confirmation

Wait the Active directory installation to finish.

active directory installation windows

Open the Server Manager application.

Click on the yellow flag menu and select the option to promote this server to a domain controller

active directory configuration

Select the option to Add a new forest and enter a root domain name.

In our example, we created a new domain named: TECH.LOCAL.

deployment active directory

Enter a password to secure the Active Directory restoration.

domain controller options

On the DNS options screen, click on the Next button.

active directory dns options

Verify the Netbios name assigned to your domain and click on the Next button.

ad netbios name

Click on the Next button.

active directory paths

Review your configuration options and click on the Next button.

active directory summary

On the Prerequisites Check screen, click on the Install button.

active directory prerequisites check

Wait the Active Directory Configuration to finish.

active directory installation wizard

After finishing the Active directory installation, the computer will restart automatically

You have finished the Active directory configuration on Windows server.

Tutorial - Testing the LDAP over SSL communication

We need to test if your domain controller is offering the LDAP over SSL service on port 636.

On the domain controller, access the start menu and search for the LDP application.

Windows 2012 desktop

First, let's test if your domain controller is offering the LDAP service on port 389.

Access the Connection menu and select the Connect option.

Windows LDP application

Try to connect to the localhost using the TCP port 389.

Windows ldp ldap connection

You should be able to connect to the LDAP service on the localhost port 389.

Windows ldap connection Ok

Now, we need to test if your domain controller is offering the LDAP over SSL service on port 636.

Open a new LDP application Window and try to connect to the localhost using the TCP port 636.

Select the SSL checkbox and click on the Ok button.

Windows ldp ssl connection

If the system displays an error message, your domain controller is not offering the LDAPS service yet.

To solve this, we are going to install a Windows Certification authority on the next part of this tutorial.

ldp error 636 warning

If you were able to successfully connect to the localhost on port 636 using SSL encryption, you may skip the next part of this tutorial.

Tutorial - Certification Authority Installation on Windows

We need to install the Windows certification authority service.

The local certification authority will provide the domain controller with a certificate that will allow the LDAPS service to operate on the TCP port 636.

Open the Server Manager application.

Access the Manage menu and click on Add roles and features.

Windows 2012 add role

Access the Server role screen, select the Active Directory Certificate Services and click on the Next button.

windows certification authority installation

On the following screen, click on the Add features button.

active directory certificate service

Keep clicking on the Next button until you reach the role service screen.

Enable the option named Certification Authority and click on the Next button.

Windows server 2012 Certification authority install

On the confirmation screen, click on the Install button.

Windows ca confirmation screen

Wait the Certification Authority installation to finish.

Windows 2012 R2 certification authority installation

Open the Server Manager application.

Click on the yellow flag menu and select the option: Configure Active Directory Certificate Services

certification authority post deployment

On the credentials screen, click on the Next button.

Select the Certification Authority option and click on the Next button.

Windows certification authority role service

Select the Enterprise CA option and click on the Next button.

windows enterprise ca

Select the Create a new private key option and click on the Next button.

windows ca new private key

Keep the default cryptography configuration and click on the Next button.

windows cryptography for ca

Set a common name to the Certification authority and click on the Next button.

In our example, we set the common name: TECH-CA

Windows CA name configuration

Set the Windows Certification authority validity period.

Windows CA validity period

Keep the default Windows Certification authority database location.

windows certificate database

Verify the summary and click on the Configure button.

Windows Ca installation summary

Wait for the Windows server certification authority installation to finish.

Windows cs authority results

After finishing the certification authority installation, reboot your computer.

You have finished the Windows Certification authority installation.

Tutorial - Testing the LDAP over SSL Communication Again

We need to test if your domain controller is offering the LDAP over SSL service on port 636.

After finishing the Certification authority installation, wait 5 minutes and restart your domain controller.

During boot time, your domain controller will automatically request a server certificate from the local certification authority.

After getting the server certificate, your domain controller will start offering the LDAP service over SSL on the 636 port.

On the domain controller, access the start menu and search for the LDP application.

Windows 2012 desktop

Access the Connection menu and select the Connect option.

Windows LDP application

Try to connect to the localhost using the TCP port 636.

Select the SSL checkbox and click on the Ok button.

Windows ldp ssl connection

Try to connect to the localhost using the TCP port 636.

Select the SSL checkbox and click on the Ok button.

This time, you should be able to connect to the LDAP service on the localhost port 636.

Windows ldaps connection Ok

If you are not able to connect to port 636, reboot the computer again and wait 5 minutes more.

It may take sometime before your domain controller receives the certificate requested from the Certification Authority.